Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe

Overview

General Information

Sample URL:http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe
Analysis ID:1552334
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Yara detected Generic Downloader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 3048 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe" > cmdline.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 6796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • wget.exe (PID: 1112 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • WcInstaller.exe (PID: 6428 cmdline: "C:\Users\user\Desktop\download\WcInstaller.exe" MD5: 867A91A0D1D0A8C6FE8431BD1C3764C3)
    • WebCompanionInstaller.exe (PID: 3856 cmdline: .\WebCompanionInstaller.exe MD5: 1DD482A55C56D87111463B92DA716FC4)
      • WcInstaller.exe (PID: 4032 cmdline: "C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe" --nanouniqueid=1731079018259 MD5: 3662CA255599DB5161CDE52E1DE102A7)
        • WebCompanionInstaller.exe (PID: 4856 cmdline: .\WebCompanionInstaller.exe --prod --nanouniqueid=1731079018259 MD5: FC6914EC6BFCC36059143A72E2073C19)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      4.3.WcInstaller.exe.2084fec.3.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
        7.0.WebCompanionInstaller.exe.ff0000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          5.0.WebCompanionInstaller.exe.4a0000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
            4.3.WcInstaller.exe.220bc20.2.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              4.3.WcInstaller.exe.220e420.0.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                Click to see the 1 entries

                Sigma Signatures

                Sigma detected: Usage Of Web Request Commands And Cmdlets
                Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5940, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe" > cmdline.out 2>&1, ProcessId: 3048, ProcessName: cmd.exe

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-11-08T16:17:12.836991+010020229301A Network Trojan was detected172.202.163.200443192.168.2.649770TCP
                2024-11-08T16:17:50.603992+010020229301A Network Trojan was detected172.202.163.200443192.168.2.649975TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Multi AV Scanner detection for dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeReversingLabs: Detection: 27%
                Source: C:\Users\user\Desktop\download\WcInstaller.exeReversingLabs: Detection: 50%
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.logJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WebCompanionInstaller.exe.logJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
                Source: Binary string: c:\Temp\Release\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, WebCompanionInstaller.exe, 00000005.00000002.2218940342.00000000070F2000.00000002.00000001.01000000.00000007.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr
                Source: Binary string: c:\Windows\Temp\drone-54IY9z9Y6otxY0G7\drone\src\WebCompanion\Installer\WebCompanionInstaller\obj\Release\WebCompanionInstaller.pdb source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.dr
                Source: Binary string: c:\Windows\Temp\drone-9jujLHcGUx4L9Bbh\drone\src\WebCompanion\Installer\WebCompanionInstaller\obj\Release\WebCompanionInstaller.pdb source: WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.6.dr
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_00405434 FindFirstFileA,FindFirstFileW,4_2_00405434

                Networking

                barindex
                Yara detected Generic Downloader
                Source: Yara matchFile source: 4.3.WcInstaller.exe.2084fec.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.0.WebCompanionInstaller.exe.ff0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.0.WebCompanionInstaller.exe.4a0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.WcInstaller.exe.220bc20.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.WcInstaller.exe.220e420.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.3.WcInstaller.exe.2209820.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe, type: DROPPED
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 08 Nov 2024 15:16:55 GMTContent-Type: application/x-msdos-programContent-Length: 551822Connection: keep-aliveETag: "1387745468"Last-Modified: Fri, 09 Aug 2024 17:07:30 GMTCF-Cache-Status: HITAge: 3346Expires: Fri, 08 Nov 2024 19:16:55 GMTCache-Control: public, max-age=14400Accept-Ranges: bytesVary: Accept-EncodingServer: cloudflareCF-RAY: 8df686e72a866b88-DFWData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 1e 1d 57 9d 7f 73 04 9d 7f 73 04 9d 7f 73 04 1e 63 7d 04 84 7f 73 04 ab 59 79 04 dd 7f 73 04 13 77 2c 04 9c 7f 73 04 9d 7f 72 04 2f 7f 73 04 1e 77 2e 04 94 7f 73 04 ab 59 78 04 d0 7f 73 04 f2 09 d9 04 9a 7f 73 04 f2 09 ed 04 9c 7f 73 04 5a 79 75 04 9c 7f 73 04 52 69 63 68 9d 7f 73 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ce 88 ac 4d 00 00 00 00 00 00 00 00 e0 00 2f 01 0b 01 06 00 00 98 01 00 00 ec 00 00 00 00 00 00 d4 48 01 00 00 10 00 00 00 b0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 f0 02 00 00 04 00 00 37 e0 08 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ac e9 01 00 64 00 00 00 00 70 02 00 d0 71 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 97 01 00 00 10 00 00 00 98 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 90 44 00 00 00 b0 01 00 00 46 00 00 00 9c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 68 5a 00 00 00 00 02 00 00 32 00 00 00 e2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 73 78 64 61 74 61 00 04 00 00 00 00 60 02 00 00 02 00 00 00 14 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 c0 2e 72 73 72 63 00 00 00 d0 71 00 00 00 70 02 00 00 72 00 00 00 16 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 08 Nov 2024 15:17:02 GMTContent-Type: application/x-msdos-programContent-Length: 506240Connection: keep-aliveETag: "512621886"Last-Modified: Fri, 12 Feb 2021 19:39:33 GMTCF-Cache-Status: REVALIDATEDExpires: Fri, 08 Nov 2024 19:17:02 GMTCache-Control: public, max-age=14400Accept-Ranges: bytesServer: cloudflareCF-RAY: 8df68713798e4793-DFWData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 1e 1d 57 9d 7f 73 04 9d 7f 73 04 9d 7f 73 04 1e 63 7d 04 84 7f 73 04 ab 59 79 04 dd 7f 73 04 13 77 2c 04 9c 7f 73 04 9d 7f 72 04 2f 7f 73 04 1e 77 2e 04 94 7f 73 04 ab 59 78 04 d0 7f 73 04 f2 09 d9 04 9a 7f 73 04 f2 09 ed 04 9c 7f 73 04 5a 79 75 04 9c 7f 73 04 52 69 63 68 9d 7f 73 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ce 88 ac 4d 00 00 00 00 00 00 00 00 e0 00 2f 01 0b 01 06 00 00 98 01 00 00 ec 00 00 00 00 00 00 d4 48 01 00 00 10 00 00 00 b0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 f0 02 00 00 04 00 00 16 b0 08 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ac e9 01 00 64 00 00 00 00 70 02 00 e0 71 00 00 00 00 00 00 00 00 00 00 20 9f 07 00 60 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 97 01 00 00 10 00 00 00 98 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 90 44 00 00 00 b0 01 00 00 46 00 00 00 9c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 68 5a 00 00 00 00 02 00 00 32 00 00 00 e2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 73 78 64 61 74 61 00 04 00 00 00 00 60 02 00 00 02 00 00 00 14 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 c0 2e 72 73 72 63 00 00 00 e0 71 00 00 00 70 02 00 00 72 00 00 00 16 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@
                Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 454Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /update.asmx HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/GetComponentsVersionInfo"Host: wc-update-service.lavasoft.comContent-Length: 262Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /7.0.2417.4248/WcInstaller.exe HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 496Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /update.asmx HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/GetComponentsVersionInfo"Host: wc-update-service.lavasoft.comContent-Length: 262Expect: 100-continueConnection: Keep-Alive
                Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.6:49975
                Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.6:49770
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_00E1A09A recv,5_2_00E1A09A
                Source: global trafficHTTP traffic detected: GET /8.9.0.1091/WcInstaller.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /7.0.2417.4248/WcInstaller.exe HTTP/1.1Host: wcdownloadercdn.lavasoft.comConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: wcdownloadercdn.lavasoft.com
                Source: global trafficDNS traffic detected: DNS query: flow.lavasoft.com
                Source: global trafficDNS traffic detected: DNS query: wc-update-service.lavasoft.com
                Source: unknownHTTP traffic detected: POST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1Content-Type: application/jsonHost: flow.lavasoft.comContent-Length: 454Connection: Keep-Alive
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005033000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000004F90000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215044806.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://aia.entrust.net/evcs2-chain.p7c01
                Source: WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC9000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005030000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2Assu
                Source: WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3367650810.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005033000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC9000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC9000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://crl.entrust.net/csbr1.crl0
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005033000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000004F90000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215044806.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://crl.entrust.net/evcs2.crl0
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://crl.entrust.net/g2ca.crl0
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digic
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/
                Source: WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC9000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005030000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005033000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC9000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3367650810.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                Source: WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.d
                Source: WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3367650810.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215044806.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3367650810.0000000001468000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                Source: WebCompanionInstaller.exe, 00000007.00000002.3367650810.00000000014E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215044806.0000000000AE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabF
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002C82000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://flow.lavasoft.com
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002C82000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://flow.lavasoft.com/v1/event-stat-wc
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002C82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002C82000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://flow.lavasoft.com/v1/event-stat-wclhttp://staging-cloudflow.lavasoft.net/v1/event-stat-wc
                Source: WebCompanionInstaller.exe.4.drString found in binary or memory: http://geo.lavasoft.com/
                Source: Newtonsoft.Json.dll.4.drString found in binary or memory: http://james.newtonking.com/projects/json
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC9000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://ocsp.digicert.com0A
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC9000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005030000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://ocsp.digicert.com0C
                Source: WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3367650810.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://ocsp.digicert.com0O
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005033000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC9000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://ocsp.digicert.com0X
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://ocsp.entrust.net00
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://ocsp.entrust.net01
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005033000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000004F90000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215044806.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://ocsp.entrust.net02
                Source: WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.6.drString found in binary or memory: http://rt.webcompanion.com/notifications/download/rt/Webprotection.zip
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://rt.webcompanion.com/notifications/download/rt/typolist.txt5Creating
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WcInstaller.exe.5.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WcInstaller.exe.5.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://s2.symcb.com0
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/H
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/WebCompanionInstaller.UpdateService
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                Source: WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/dSWl
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/dSWl(
                Source: WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://sdl.adaware.com/?bundleid=WCUN001&savename=WCUN001.exe
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002C82000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://staging-cloudflow.lavasoft.net/v1/event-stat-wc
                Source: WebCompanionInstaller.exe, 00000007.00000002.3367650810.0000000001468000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.cD
                Source: WebCompanionInstaller.exe, 00000007.00000002.3367650810.0000000001468000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.cDD
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3379315389.0000000006010000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3367650810.0000000001468000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3376233945.0000000005DA4000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WcInstaller.exe.5.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://sv.symcb.com/sv.crl0a
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3379315389.0000000006010000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3367650810.0000000001468000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3376233945.0000000005DA4000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WcInstaller.exe.5.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3379315389.0000000006010000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3367650810.0000000001468000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3376233945.0000000005DA4000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WcInstaller.exe.5.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://sv.symcd.com0&
                Source: WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://tempuri.org/
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://tempuri.org/$
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:WebHttpBinding
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://tempuri.org/GetComponentsInfoByProductT
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://tempuri.org/GetComponentsInfoT
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/GetComponentsVersionInfo
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://tempuri.org/GetComponentsVersionInfoT
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/GetProductInfo
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://tempuri.org/GetProductInfoT
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/H
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/
                Source: WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValues
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesL.Wlt
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesResponse
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://tempuri.org/SignZipInstallerByProductT
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://tempuri.org/SignZipInstallerT
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://tempuri.org/T
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wc-update-service.lava
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wc-update-service.lavasoft.com
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2214226764.00000000021E4000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.6.dr, WebCompanionInstaller.exe.config.4.drString found in binary or memory: http://wc-update-service.lavasoft.com/components.asmx
                Source: WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wc-update-service.lavasoft.com/components.asmxH
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002D54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wc-update-service.lavasoft.com/components.asmxT6
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2214226764.00000000021E4000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.6.dr, WebCompanionInstaller.exe.config.4.drString found in binary or memory: http://wc-update-service.lavasoft.com/update.asmx
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wcdownloadercdn.lavasoft.com
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/Installer.exep/v
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/Installer.msip/v
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/TcpService.msip/v
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/WcInstaller.exep/v
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/WebCompanion-7.0.2417.4248-prod.zip
                Source: wget.exe, 00000002.00000002.2140339677.0000000000140000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.drString found in binary or memory: http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe
                Source: wget.exe, 00000002.00000002.2140515099.0000000001125000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe.
                Source: wget.exe, 00000002.00000002.2140515099.0000000001120000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exeE
                Source: wget.exe, 00000002.00000002.2140515099.0000000001120000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exeERVER
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.4.drString found in binary or memory: http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WebCompanion-8.9.0.1091-prod.zip
                Source: WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://webcompanion.com
                Source: WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.6.drString found in binary or memory: http://webcompanion.com/faq?utm_source=wc-installer&utm_medium=wc-installer&utm_campaign=wc-installe
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://webcompanion.com/uninstall.php?utm_source=wc&utm_medium=
                Source: WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3367650810.00000000014E4000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://www.digicert.com/CPS0
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://www.entrust.net/rpa0
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drString found in binary or memory: http://www.entrust.net/rpa03
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://www.lavasoft.com
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WcInstaller.exe.5.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://www.symauth.com/cps0(
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WcInstaller.exe.5.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: http://www.symauth.com/rpa00
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://www.webcompanion.com
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: http://www.webcompanion.com/installerview/consent_2?culture=
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drString found in binary or memory: https://acs.lavasoft.com/api/v2/url/blacklist7Creating
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drString found in binary or memory: https://acs.lavasoft.com/api/v2/url/permanentwhitelist7Creating
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3379315389.0000000006010000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3367650810.0000000001468000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3376233945.0000000005DA4000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WcInstaller.exe.5.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: https://d.symcb.com/cps0%
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3379315389.0000000006010000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3367650810.0000000001468000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3376233945.0000000005DA4000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WcInstaller.exe.5.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: https://d.symcb.com/rpa0
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drString found in binary or memory: https://featureflags.lavasoft.com/api/Update/WC
                Source: WebCompanionInstaller.exe.6.drString found in binary or memory: https://flow.lavasoft.com/v1/event-stat
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.config.4.drString found in binary or memory: https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drString found in binary or memory: https://rt.webcompanion.com/notifications/download/rt/fallback/WebCompanion.zip
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drString found in binary or memory: https://staging-featureflags-api.lavasoft.net/api/Update/WC
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.4.drString found in binary or memory: https://staging-webcompanion.lavasoft.net/dci/3.0.1.9/Webprotection.zip
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drString found in binary or memory: https://staging-webcompanion.lavasoft.net/dci/3.0.2.12/Webprotection.zip
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.4.drString found in binary or memory: https://wcdownloader-qa.lavasoft.com/8.9.0.1091/WebCompanion-8.9.0.1091-internal.zip
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.4.drString found in binary or memory: https://wcdownloader-qa.lavasoft.com/8.9.0.1091/WebCompanionInstaller-8.9.0.1091-internal.exe
                Source: WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.4.drString found in binary or memory: https://wcdownloadercdn.lavasoft.com/8.9.0.1091/WebCompanionInstaller-8.9.0.1091-prod.exe
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drString found in binary or memory: https://webcompanion.com/en/help.php
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: https://webcompanion.com/nano_download.php?partner=AG160601&Silent&SkipAg&homepage=12&search=2cCheck
                Source: WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.6.drString found in binary or memory: https://webcompanion.com/unsafe.php?utm_source=WC
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drString found in binary or memory: https://webcompanion.com/unsafe.php?utm_source=WCghttp://pp.webcompanion.com/unsafe.php?utm_source=W
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: https://www.adaware.com/privacy-policy
                Source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drString found in binary or memory: https://www.adaware.com/terms-of-use
                Source: WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drString found in binary or memory: https://www.digicert.com/CPS0
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_050C3C4E NtQuerySystemInformation,5_2_050C3C4E
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_050C3C12 NtQuerySystemInformation,5_2_050C3C12
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeFile created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.newJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeFile created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.newJump to behavior
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_004160764_2_00416076
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_0040E38E4_2_0040E38E
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_004124804_2_00412480
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_004039C84_2_004039C8
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_00418CC14_2_00418CC1
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_00418D9B4_2_00418D9B
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_050900985_2_05090098
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_050987205_2_05098720
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_050956305_2_05095630
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_050976C85_2_050976C8
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_05093E105_2_05093E10
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07D9921B5_2_07D9921B
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07D971A05_2_07D971A0
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07D9ED785_2_07D9ED78
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07D97C905_2_07D97C90
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07DD33305_2_07DD3330
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07DF43285_2_07DF4328
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07DF2DF05_2_07DF2DF0
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07E1055B5_2_07E1055B
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_01822CA67_2_01822CA6
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_05EF85EF7_2_05EF85EF
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_05EF75997_2_05EF7599
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_05EF54807_2_05EF5480
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_05EF00987_2_05EF0098
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_089D70187_2_089D7018
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_089D68307_2_089D6830
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_089D7DB07_2_089D7DB0
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_089DD9187_2_089DD918
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_089D5D407_2_089D5D40
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_08A11F007_2_08A11F00
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_08A5F1E17_2_08A5F1E1
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_08A52F787_2_08A52F78
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: String function: 00413724 appears 177 times
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: String function: 00403A63 appears 33 times
                Source: ICSharpCode.SharpZipLib.dll.4.dr, InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
                Source: ICSharpCode.SharpZipLib.dll.4.dr, DeflaterOutputStream.csCryptographic APIs: 'TransformBlock'
                Source: ICSharpCode.SharpZipLib.dll.4.dr, ZipAESTransform.csCryptographic APIs: 'TransformBlock'
                Source: ICSharpCode.SharpZipLib.dll.6.dr, InflaterInputBuffer.csCryptographic APIs: 'TransformBlock'
                Source: ICSharpCode.SharpZipLib.dll.6.dr, DeflaterOutputStream.csCryptographic APIs: 'TransformBlock'
                Source: ICSharpCode.SharpZipLib.dll.6.dr, ZipAESTransform.csCryptographic APIs: 'TransformBlock'
                Source: WebCompanionInstaller.exe.4.dr, InstallUtils.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: WebCompanionInstaller.exe.4.dr, InstallUtils.csSecurity API names: System.IO.DirectoryInfo.GetAccessControl()
                Source: WebCompanionInstaller.exe.4.dr, InstallUtils.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: WebCompanionInstaller.exe.6.dr, InstallUtils.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: WebCompanionInstaller.exe.6.dr, InstallUtils.csSecurity API names: System.IO.DirectoryInfo.GetAccessControl()
                Source: WebCompanionInstaller.exe.6.dr, InstallUtils.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: WebCompanionInstaller.exe.6.dr, App.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: WebCompanionInstaller.exe.6.dr, App.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: WebCompanionInstaller.exe.4.dr, App.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: WebCompanionInstaller.exe.4.dr, App.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal52.troj.evad.win@11/38@3/2
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_00E1B7A2 AdjustTokenPrivileges,5_2_00E1B7A2
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_00E1B76B AdjustTokenPrivileges,5_2_00E1B76B
                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\Desktop\cmdline.outJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeMutant created: NULL
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6796:120:WilError_03
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\Global\servicemodelservice 3.0.0.0
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7EJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Windows\SysWOW64\wget.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe" > cmdline.out 2>&1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe"
                Source: unknownProcess created: C:\Users\user\Desktop\download\WcInstaller.exe "C:\Users\user\Desktop\download\WcInstaller.exe"
                Source: C:\Users\user\Desktop\download\WcInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe .\WebCompanionInstaller.exe
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe "C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe" --nanouniqueid=1731079018259
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe .\WebCompanionInstaller.exe --prod --nanouniqueid=1731079018259
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe" Jump to behavior
                Source: C:\Users\user\Desktop\download\WcInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe .\WebCompanionInstaller.exeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe "C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe" --nanouniqueid=1731079018259Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe .\WebCompanionInstaller.exe --prod --nanouniqueid=1731079018259Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\wget.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\wget.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\wget.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\wget.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\wget.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\wget.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\wget.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\wget.exeSection loaded: explorerframe.dllJump to behavior
                Source: C:\Users\user\Desktop\download\WcInstaller.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: usp10.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: httpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: shfolder.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: usp10.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: cryptnet.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: httpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: shfolder.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: dwmapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: d3d9.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: d3d10warp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: powrprof.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: umpdc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: dataexchange.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: d3d11.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: dcomp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: dxgi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: twinapi.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: resourcepolicyclient.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: dxcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: presentationnative_v0300.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeSection loaded: msctfui.dllJump to behavior
                Source: C:\Windows\SysWOW64\wget.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
                Source: Binary string: c:\Temp\Release\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, WebCompanionInstaller.exe, 00000005.00000002.2218940342.00000000070F2000.00000002.00000001.01000000.00000007.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, Newtonsoft.Json.dll.4.dr
                Source: Binary string: c:\Windows\Temp\drone-54IY9z9Y6otxY0G7\drone\src\WebCompanion\Installer\WebCompanionInstaller\obj\Release\WebCompanionInstaller.pdb source: WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.dr
                Source: Binary string: c:\Windows\Temp\drone-9jujLHcGUx4L9Bbh\drone\src\WebCompanion\Installer\WebCompanionInstaller\obj\Release\WebCompanionInstaller.pdb source: WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.6.dr
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_004180F0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_004180F0
                Source: WebCompanionInstaller.resources.dll5.4.drStatic PE information: real checksum: 0x0 should be: 0x5013
                Source: WebCompanionInstaller.resources.dll.4.drStatic PE information: real checksum: 0x0 should be: 0x2690
                Source: WebCompanionInstaller.resources.dll2.4.drStatic PE information: real checksum: 0x0 should be: 0xc0b2
                Source: WebCompanionInstaller.resources.dll8.4.drStatic PE information: real checksum: 0x0 should be: 0xa36a
                Source: WebCompanionInstaller.resources.dll1.4.drStatic PE information: real checksum: 0x0 should be: 0xa6f0
                Source: WebCompanionInstaller.resources.dll6.4.drStatic PE information: real checksum: 0x0 should be: 0x53af
                Source: WebCompanionInstaller.resources.dll7.4.drStatic PE information: real checksum: 0x0 should be: 0x9c04
                Source: WebCompanionInstaller.resources.dll0.4.drStatic PE information: real checksum: 0x0 should be: 0x29c3
                Source: WebCompanionInstaller.resources.dll3.4.drStatic PE information: real checksum: 0x0 should be: 0x7449
                Source: WebCompanionInstaller.resources.dll4.4.drStatic PE information: real checksum: 0x0 should be: 0x98cb
                Source: WcInstaller.exe.2.drStatic PE information: real checksum: 0x8e037 should be: 0x8e0ec
                Source: WcInstaller.exe.2.drStatic PE information: section name: .sxdata
                Source: WcInstaller.exe.5.drStatic PE information: section name: .sxdata
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_00411130 push ecx; mov dword ptr [esp], ecx4_2_00411131
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_00413724 push eax; ret 4_2_00413742
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_00413A90 push eax; ret 4_2_00413ABE
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_00E134AA push eax; ret 5_2_00E1353D
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_00E280D6 push ecx; ret 5_2_00E2810D
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_00E280D6 push ebp; ret 5_2_00E28119
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07752CA8 push E803B8F2h; ret 5_2_07752CAD
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_0775549D push ebp; iretd 5_2_077554A0
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07DF0C41 push esp; retf 07DEh5_2_07DF0C45
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07DF8F1F push 8BD68B64h; iretd 5_2_07DF8F2D
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07DF8EE0 push 8BD68B64h; iretd 5_2_07DF8EEE
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07E122F8 push esp; retf 5_2_07E122F9
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_07E162AD push dword ptr [esi+eax*2-75h]; retf 5_2_07E162B6
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_08A82121 pushfd ; ret 7_2_08A82120
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_01838004 push ecx; ret 7_2_01838005
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_01838010 push ebp; ret 7_2_01838011
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_01A876B2 pushfd ; iretd 7_2_01A876F5
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_05EFC5FE push es; ret 7_2_05EFC600
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_05EFD9D0 push es; ret 7_2_05EFD9E6
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_05EFB590 push es; ret 7_2_05EFB640
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_05EFBA72 push es; ret 7_2_05EFBA80
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_077E07D8 push eax; ret 7_2_077E0A03
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_077E7B20 push es; retn 0008h7_2_077E7B30
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_077E843F pushad ; ret 7_2_077E845D
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_07E30EE0 push 680AC310h; ret 7_2_07E30EF6
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_07E31007 push 680AC360h; ret 7_2_07E3101A
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_089D9C9F push es; retn 0004h7_2_089D9CB0
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_089D3850 push es; retn 0004h7_2_089D3920
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_089D3932 push es; retn 0004h7_2_089D3920
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_08A170D0 push ds; ret 7_2_08A170E4
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeCode function: 7_2_08A18D60 pushad ; ret 7_2_08A18D75
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\tr-TR\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ja-JP\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\zh-CHS\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\it-IT\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\zh-CHS\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ja-JP\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\fr-CA\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\es-ES\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ru-RU\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\it-IT\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\en-US\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\en-US\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\tr-TR\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\fr-CA\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\pt-BR\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\pt-BR\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Windows\SysWOW64\wget.exeFile created: C:\Users\user\Desktop\download\WcInstaller.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\de-DE\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ICSharpCode.SharpZipLib.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\de-DE\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\Newtonsoft.Json.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\es-ES\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ru-RU\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ICSharpCode.SharpZipLib.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\Newtonsoft.Json.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\WcInstaller.logJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WebCompanionInstaller.exe.logJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 BlobJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeMemory allocated: EB0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeMemory allocated: 2B80000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeMemory allocated: EB0000 memory commit | memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeMemory allocated: 19D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeMemory allocated: 3730000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeMemory allocated: 19D0000 memory commit | memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\tr-TR\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ja-JP\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\zh-CHS\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\it-IT\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\zh-CHS\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\fr-CA\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ja-JP\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\es-ES\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ru-RU\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\it-IT\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\en-US\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\tr-TR\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\en-US\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\fr-CA\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\pt-BR\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\pt-BR\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\de-DE\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ICSharpCode.SharpZipLib.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\de-DE\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\Newtonsoft.Json.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\es-ES\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\Desktop\download\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ru-RU\WebCompanionInstaller.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ICSharpCode.SharpZipLib.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\Newtonsoft.Json.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe TID: 6524Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe TID: 7060Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe TID: 3064Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe TID: 6124Thread sleep time: -90000s >= -30000sJump to behavior
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_00405434 FindFirstFileA,FindFirstFileW,4_2_00405434
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_050C0772 GetSystemInfo,5_2_050C0772
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: WebCompanionInstaller.exe, 00000005.00000002.2219247764.0000000007160000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
                Source: WebCompanionInstaller.exe.6.drBinary or memory string: vmware
                Source: WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000004F90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: wget.exe, 00000002.00000002.2140430950.0000000000AF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
                Source: WebCompanionInstaller.exe, 00000005.00000002.2219247764.0000000007160000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
                Source: WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000004F90000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3376233945.0000000005D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_004180F0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_004180F0
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_0041561A SetUnhandledExceptionFilter,4_2_0041561A
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_0041562C SetUnhandledExceptionFilter,4_2_0041562C
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeMemory allocated: page read and write | page guardJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe "C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe" --nanouniqueid=1731079018259Jump to behavior
                Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/wcinstaller.exe" > cmdline.out 2>&1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/wcinstaller.exe"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/wcinstaller.exe" Jump to behavior
                Source: C:\Windows\SysWOW64\wget.exeQueries volume information: C:\Users\user\Desktop\download VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\Newtonsoft.Json.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\Newtonsoft.Json.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\Newtonsoft.Json.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\Newtonsoft.Json.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\en-US\WebCompanionInstaller.resources.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\en-US\WebCompanionInstaller.resources.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeCode function: 5_2_050C18A2 GetSystemTimeAdjustment,5_2_050C18A2
                Source: C:\Users\user\Desktop\download\WcInstaller.exeCode function: 4_2_004148D4 EntryPoint,GetVersion,GetCommandLineA,GetStartupInfoA,GetModuleHandleA,4_2_004148D4
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 BlobJump to behavior

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                Command and Scripting Interpreter                		1
                DLL Side-Loading                		1
                Access Token Manipulation                		11
                Masquerading                		OS Credential Dumping1
                System Time Discovery                		Remote Services11
                Archive Collected Data                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Native API                		Boot or Logon Initialization Scripts11
                Process Injection                		1
                Modify Registry                		LSASS Memory1
                Query Registry                		Remote Desktop ProtocolData from Removable Media12
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                DLL Side-Loading                		11
                Disable or Modify Tools                		Security Account Manager11
                Security Software Discovery                		SMB/Windows Admin SharesData from Network Shared Drive3
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook32
                Virtualization/Sandbox Evasion                		NTDS1
                Process Discovery                		Distributed Component Object ModelInput Capture13
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Access Token Manipulation                		LSA Secrets32
                Virtualization/Sandbox Evasion                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                Process Injection                		Cached Domain Credentials2
                File and Directory Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
                Deobfuscate/Decode Files or Information                		DCSync15
                System Information Discovery                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job2
                Obfuscated Files or Information                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                DLL Side-Loading                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1552334 URL: http://wcdownloadercdn.lava... Startdate: 08/11/2024 Architecture: WINDOWS Score: 52 49 wcdownloadercdn.lavasoft.com 2->49 51 wc-update-service.lavasoft.com 2->51 53 flow.lavasoft.com 2->53 59 Yara detected Generic Downloader 2->59 9 WcInstaller.exe 36 2->9         started        13 cmd.exe 2 2->13         started        signatures3 process4 file5 41 C:\...\WebCompanionInstaller.resources.dll, PE32 9->41 dropped 43 C:\...\WebCompanionInstaller.resources.dll, PE32 9->43 dropped 45 C:\...\WebCompanionInstaller.resources.dll, PE32 9->45 dropped 47 10 other malicious files 9->47 dropped 63 Multi AV Scanner detection for dropped file 9->63 15 WebCompanionInstaller.exe 16 22 9->15         started        19 wget.exe 2 13->19         started        21 conhost.exe 13->21         started        signatures6 process7 dnsIp8 55 wc-update-service.lavasoft.com 64.18.87.81, 49714, 49744, 80 MTOCA Canada 15->55 29 C:\Users\user\AppData\...\WcInstaller.exe, PE32 15->29 dropped 23 WcInstaller.exe 36 15->23         started        57 flow.lavasoft.com 104.16.148.130, 49711, 49713, 49716 CLOUDFLARENETUS United States 19->57 31 C:\Users\user\Desktop\...\WcInstaller.exe, PE32 19->31 dropped file9 process10 file11 33 C:\...\WebCompanionInstaller.resources.dll, PE32 23->33 dropped 35 C:\...\WebCompanionInstaller.resources.dll, PE32 23->35 dropped 37 C:\...\WebCompanionInstaller.resources.dll, PE32 23->37 dropped 39 10 other files (8 malicious) 23->39 dropped 61 Multi AV Scanner detection for dropped file 23->61 27 WebCompanionInstaller.exe 4 23->27         started        signatures12 process13

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe0%Avira URL Cloudsafe

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ICSharpCode.SharpZipLib.dll4%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\Newtonsoft.Json.dll4%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe17%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\de-DE\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\en-US\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\es-ES\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\fr-CA\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\it-IT\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ja-JP\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\pt-BR\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ru-RU\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\tr-TR\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\zh-CHS\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ICSharpCode.SharpZipLib.dll3%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\Newtonsoft.Json.dll3%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe12%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\de-DE\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\en-US\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\es-ES\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\fr-CA\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\it-IT\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ja-JP\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\pt-BR\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ru-RU\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\tr-TR\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\zh-CHS\WebCompanionInstaller.resources.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe27%ReversingLabs
                C:\Users\user\Desktop\download\WcInstaller.exe50%ReversingLabs

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://www.webcompanion.com0%Avira URL Cloudsafe
                https://www.adaware.com/privacy-policy0%Avira URL Cloudsafe
                http://www.webcompanion.com/installerview/consent_2?culture=0%Avira URL Cloudsafe
                https://staging-webcompanion.lavasoft.net/dci/3.0.2.12/Webprotection.zip0%Avira URL Cloudsafe
                http://wc-update-service.lava0%Avira URL Cloudsafe
                http://crl4.d0%Avira URL Cloudsafe
                https://staging-webcompanion.lavasoft.net/dci/3.0.1.9/Webprotection.zip0%Avira URL Cloudsafe
                http://schemas.datacontract.org/2004/07/WebCompanionInstaller.UpdateService0%Avira URL Cloudsafe
                https://wcdownloader-qa.lavasoft.com/8.9.0.1091/WebCompanion-8.9.0.1091-internal.zip0%Avira URL Cloudsafe
                http://sdl.adaware.com/?bundleid=WCUN001&savename=WCUN001.exe0%Avira URL Cloudsafe
                https://www.adaware.com/terms-of-use0%Avira URL Cloudsafe
                http://schemas.datacontract.org/2004/07/H0%Avira URL Cloudsafe
                https://wcdownloader-qa.lavasoft.com/8.9.0.1091/WebCompanionInstaller-8.9.0.1091-internal.exe0%Avira URL Cloudsafe
                http://www.lavasoft.com0%Avira URL Cloudsafe
                http://staging-cloudflow.lavasoft.net/v1/event-stat-wc0%Avira URL Cloudsafe
                https://staging-featureflags-api.lavasoft.net/api/Update/WC0%Avira URL Cloudsafe
                http://crl3.digic0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                wc-update-service.lavasoft.com
                		64.18.87.81
                		truefalse
                  		high
                  wcdownloadercdn.lavasoft.com
                  		104.16.148.130
                  		truefalse
                    		high
                    flow.lavasoft.com
                    		104.16.148.130
                    		truefalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/WcInstaller.exefalse
                        		high
                        http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exefalse
                          		high
                          http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1false
                            		high
                            http://wc-update-service.lavasoft.com/update.asmxfalse
                              		high

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              http://crl.entrust.net/g2ca.crl0WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drfalse
                                		high
                                http://tempuri.org/GetComponentsVersionInfoTWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                  		high
                                  https://webcompanion.com/unsafe.php?utm_source=WCWcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.6.drfalse
                                    		high
                                    http://schemas.datacontract.orgWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesResponseWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://ocsp.entrust.net02WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005033000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000004F90000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215044806.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drfalse
                                          		high
                                          http://ocsp.entrust.net01WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drfalse
                                            		high
                                            http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/TcpService.msip/vWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://ocsp.entrust.net00WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drfalse
                                                		high
                                                https://featureflags.lavasoft.com/api/Update/WCWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drfalse
                                                  		high
                                                  https://wcdownloadercdn.lavasoft.com/8.9.0.1091/WebCompanionInstaller-8.9.0.1091-prod.exeWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.4.drfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/soap/envelope/WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://www.adaware.com/privacy-policyWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://wc-update-service.lavasoft.com/components.asmxHWebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/WebCompanion-7.0.2417.4248-prod.zipWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://tempuri.org/WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                            		high
                                                            http://wc-update-service.lavaWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/Installer.msip/vWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://www.webcompanion.comWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zipWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.config.4.drfalse
                                                                		high
                                                                http://wc-update-service.lavasoft.comWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/HWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://tempuri.org/:WebHttpBindingWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/WcInstaller.exep/vWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://acs.lavasoft.com/api/v2/url/permanentwhitelist7CreatingWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drfalse
                                                                          		high
                                                                          http://crl.entrust.net/csbr1.crl0WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drfalse
                                                                            		high
                                                                            http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe.wget.exe, 00000002.00000002.2140515099.0000000001125000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://staging-webcompanion.lavasoft.net/dci/3.0.1.9/Webprotection.zipWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.4.drfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressing/faultWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://wcdownloadercdn.lavasoft.comWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exeERVERwget.exe, 00000002.00000002.2140515099.0000000001120000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.datacontract.org/2004/07/WebCompanionInstaller.UpdateServiceWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesWebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://staging-webcompanion.lavasoft.net/dci/3.0.2.12/Webprotection.zipWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://webcompanion.com/faq?utm_source=wc-installer&utm_medium=wc-installer&utm_campaign=wc-installeWcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.6.drfalse
                                                                                        		high
                                                                                        https://wcdownloader-qa.lavasoft.com/8.9.0.1091/WebCompanion-8.9.0.1091-internal.zipWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.4.drfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://flow.lavasoft.com/v1/event-stat-wclhttp://staging-cloudflow.lavasoft.net/v1/event-stat-wcWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                          		high
                                                                                          http://webcompanion.com/uninstall.php?utm_source=wc&utm_medium=WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                            		high
                                                                                            http://flow.lavasoft.comWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002C82000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WebCompanion-8.9.0.1091-prod.zipWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.4.drfalse
                                                                                                		high
                                                                                                http://aia.entrust.net/evcs2-chain.p7c01WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005033000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000004F90000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215044806.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drfalse
                                                                                                  		high
                                                                                                  http://rt.webcompanion.com/notifications/download/rt/typolist.txt5CreatingWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                    		high
                                                                                                    http://www.webcompanion.com/installerview/consent_2?culture=WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    http://www.entrust.net/rpa0WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drfalse
                                                                                                      		high
                                                                                                      http://tempuri.org/GetProductInfoTWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                        		high
                                                                                                        http://sdl.adaware.com/?bundleid=WCUN001&savename=WCUN001.exeWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://crl4.dWebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        http://rt.webcompanion.com/notifications/download/rt/Webprotection.zipWcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.6.drfalse
                                                                                                          		high
                                                                                                          http://tempuri.org/$WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                            		high
                                                                                                            http://flow.lavasoft.com/v1/event-stat-wcWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002C82000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                              		high
                                                                                                              https://webcompanion.com/en/help.phpWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drfalse
                                                                                                                		high
                                                                                                                http://schemas.xmlsoap.org/soap/encoding/dSWlWebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.datacontract.org/2004/07/HWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  https://www.adaware.com/terms-of-useWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  https://acs.lavasoft.com/api/v2/url/blacklist7CreatingWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drfalse
                                                                                                                    		high
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://tempuri.org/ILocalyHostedServiceInstaller/WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://webcompanion.comWebCompanionInstaller.exe, 00000007.00000002.3369288611.00000000037EE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://tempuri.org/GetProductInfoWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://www.entrust.net/rpa03WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drfalse
                                                                                                                              		high
                                                                                                                              http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exeEwget.exe, 00000002.00000002.2140515099.0000000001120000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://rt.webcompanion.com/notifications/download/rt/fallback/WebCompanion.zipWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/soap/encoding/dSWl(WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://geo.lavasoft.com/WebCompanionInstaller.exe.4.drfalse
                                                                                                                                      		high
                                                                                                                                      http://www.symauth.com/cps0(WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B40000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WcInstaller.exe.5.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drfalse
                                                                                                                                        		high
                                                                                                                                        https://wcdownloader-qa.lavasoft.com/8.9.0.1091/WebCompanionInstaller-8.9.0.1091-internal.exeWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.4.drfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        http://staging-cloudflow.lavasoft.net/v1/event-stat-wcWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002C82000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        http://flow.lavasoft.com/v1/event-stat-wc?Type=ProgressInstall&ProductID=wcWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002C82000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://james.newtonking.com/projects/jsonNewtonsoft.Json.dll.4.drfalse
                                                                                                                                            		high
                                                                                                                                            http://tempuri.org/GetComponentsVersionInfoWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003781000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://tempuri.org/GetComponentsInfoByProductTWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                                                                		high
                                                                                                                                                http://www.lavasoft.comWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                		unknown
                                                                                                                                                http://wc-update-service.lavasoft.com/components.asmxT6WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002D54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/08/addressingWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://www.symauth.com/rpa00WebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2216042480.0000000002070000.00000004.00001000.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.000000000226E000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369184071.0000000001B49000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.6.dr, WcInstaller.exe.5.dr, WebCompanionInstaller.exe.6.dr, ICSharpCode.SharpZipLib.dll.6.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://staging-featureflags-api.lavasoft.net/api/Update/WCWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      		unknown
                                                                                                                                                      https://flow.lavasoft.com/v1/event-statWebCompanionInstaller.exe.6.drfalse
                                                                                                                                                        		high
                                                                                                                                                        http://tempuri.org/TWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                                                                          		high
                                                                                                                                                          http://crl3.digicWebCompanionInstaller.exe, 00000005.00000002.2215208823.0000000000DC9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          		unknown
                                                                                                                                                          http://tempuri.org/ILocalyHostedServiceInstaller/GetDropDownValuesL.WltWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://webcompanion.com/unsafe.php?utm_source=WCghttp://pp.webcompanion.com/unsafe.php?utm_source=WWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WebCompanionInstaller.exe.4.drfalse
                                                                                                                                                              		high
                                                                                                                                                              http://tempuri.org/SignZipInstallerByProductTWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                                                                                		high
                                                                                                                                                                http://crl.entrust.net/evcs2.crl0WcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000005033000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2216613941.0000000004F90000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000002.2215044806.0000000000AE5000.00000004.00000020.00020000.00000000.sdmp, ICSharpCode.SharpZipLib.dll.4.dr, Newtonsoft.Json.dll.4.dr, WebCompanionInstaller.exe.4.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://webcompanion.com/nano_download.php?partner=AG160601&Silent&SkipAg&homepage=12&search=2cCheckWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://wc-update-service.lavasoft.com/components.asmxWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002CD4000.00000004.00000800.00020000.00000000.sdmp, WcInstaller.exe, 00000006.00000003.2214226764.00000000021E4000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe.config.6.dr, WebCompanionInstaller.exe.config.4.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/Installer.exep/vWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002DE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://tempuri.org/SignZipInstallerTWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://schemas.xmlsoap.org/soap/actor/nextWebCompanionInstaller.exe, 00000005.00000002.2215750194.0000000002B81000.00000004.00000800.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000002.3369288611.0000000003731000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://tempuri.org/GetComponentsInfoTWcInstaller.exe, 00000004.00000003.2156127650.0000000002207000.00000004.00000020.00020000.00000000.sdmp, WcInstaller.exe, 00000004.00000003.2156261323.0000000002080000.00000004.00001000.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000005.00000000.2156412086.00000000004A2000.00000002.00000001.01000000.00000004.sdmp, WcInstaller.exe, 00000006.00000003.2215873138.00000000021E2000.00000004.00000020.00020000.00000000.sdmp, WebCompanionInstaller.exe, 00000007.00000000.2216245667.0000000000FF2000.00000002.00000001.01000000.00000009.sdmp, WebCompanionInstaller.exe.4.dr, WebCompanionInstaller.exe.6.drfalse
                                                                                                                                                                              		high

                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                              Public IPs

                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                              64.18.87.81
                                                                                                                                                                              		wc-update-service.lavasoft.comCanada
                                                                                                                                                                              		21548MTOCAfalse
                                                                                                                                                                              104.16.148.130
                                                                                                                                                                              		wcdownloadercdn.lavasoft.comUnited States
                                                                                                                                                                              		13335CLOUDFLARENETUSfalse

                                                                                                                                                                              General Information

                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                              Analysis ID:1552334
                                                                                                                                                                              Start date and time:2024-11-08 16:16:02 +01:00
                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                              Overall analysis duration:0h 6m 42s
                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                              Report type:full
                                                                                                                                                                              Cookbook file name:urldownload.jbs
                                                                                                                                                                              Sample URL:http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe
                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                              Number of analysed new started processes analysed:16
                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                              Technologies:
                                                                                                                                                                              • HCA enabled
                                                                                                                                                                              • EGA enabled
                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                              Detection:MAL
                                                                                                                                                                              Classification:mal52.troj.evad.win@11/38@3/2
                                                                                                                                                                              EGA Information:
                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                              HCA Information:
                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                              • Number of executed functions: 527
                                                                                                                                                                              • Number of non-executed functions: 28

                                                                                                                                                                              Warnings

                                                                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, PresentationFontCache.exe
                                                                                                                                                                              • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                              • VT rate limit hit for: http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe

                                                                                                                                                                              Simulations

                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                              TimeTypeDescription
                                                                                                                                                                              10:17:02API Interceptor183x Sleep call for process: WebCompanionInstaller.exe modified

                                                                                                                                                                              LLM Input / Output

                                                                                                                                                                              InputOutput
                                                                                                                                                                              URL: Model: claude-3-5-sonnet-latest
                                                                                                                                                                              {
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}
                                                                                                                                                                              URL: URL: http://wcdownloadercdn.lavasoft.com

                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                              IPs

                                                                                                                                                                              No context

                                                                                                                                                                              Domains

                                                                                                                                                                              No context

                                                                                                                                                                              ASNs

                                                                                                                                                                              No context

                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                              No context

                                                                                                                                                                              Dropped Files

                                                                                                                                                                              No context

                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                              C:\ProgramData\Lavasoft\Web Companion\Options\Statistics.txt

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):56
                                                                                                                                                                              Entropy (8bit):4.49468036840891
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:asLGY4w8GwFhY:aqGY4xdFhY
                                                                                                                                                                              MD5:9433EA37598C36F7CD8A8061CDC33F6B
                                                                                                                                                                              SHA1:16847DC67B2590A74E38704CFEA5AA3E7B85B421
                                                                                                                                                                              SHA-256:2B7D97C4797318BE1E95793C1AD7BF4F273F92683739C45994EAE6F84D12B281
                                                                                                                                                                              SHA-512:6F9F25A27FA0BAB2D6420C7C404E2E8F9C0F3FAC813241ADA7BEA432A093EDE3AB2EC215FC0010CC592EECC39DE5AA553AA50AC2ABAD9E05F92F941D71F422CA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:{ "install_id" : "d1bec53a-6b69-4823-a95f-cc11516f625a"}

                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\WebCompanionInstaller.exe.log

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2157
                                                                                                                                                                              Entropy (8bit):5.361234583905415
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:MwQqAdB6ZosoW6Ux+FOKmNpK5UXOl7FKh0K5FPOaQK5sWR3:JQJB6ZosoW6Ux+nj5JC95lZ5sWh
                                                                                                                                                                              MD5:1FB18656EFF39E2F50776E21C42F0A2B
                                                                                                                                                                              SHA1:B06A671EC4D55AC7778CAAD84CD93433F08EF897
                                                                                                                                                                              SHA-256:59108321FACC3AA3DED66BECC6E277C410DED8B6FA8892B3F543E7180E3B8CD0
                                                                                                                                                                              SHA-512:479147B1989172E87820ADE9614D7B49176036DB23E51B50C8C1FA248825F32B533AB2005896FF6309FDB3E905B21CF0FB8BEA3F6B1A463274C27516174D38B4
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\953f7919ee8eb01854d0f477eb340f30\WindowsBase.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53c9f90d7d1962ac81bca35f27f3b5c6\PresentationCore.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\06983816e9e9c8e14e0c69f787b06c62\System.Core.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f0806a395be5d02c6fb9919cf151da76\PresentationFramework.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\53992d421e2c7ecf6609c62b3510a6f0\System.Configuration.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\74774597e319a738b792e6a6c06d3559\System.Xml.ni.dll",0..2,"System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.ServiceModel.We

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ICSharpCode.SharpZipLib.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):213992
                                                                                                                                                                              Entropy (8bit):5.7419853669066505
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:bK1c/KCOAUXk31Vv91GOtJJKuE1iA5mGPB8qd9OTymIpn+64kRAclDwRNG95ZI40:We9OAQsFtJrGPBnmIRZ
                                                                                                                                                                              MD5:9CA372E8F1A3805B3BA02C1BDCC101E3
                                                                                                                                                                              SHA1:A112A7456E76ADB88C403118BC5AA843B41E7560
                                                                                                                                                                              SHA-256:C5D4F060359B45DF242DA27D587534A5DEB07AA1E7F2C94B9832EAC7A1147958
                                                                                                                                                                              SHA-512:11818B010D70814332F36E698B570EB47C975CA9FE1E1D51D4616FF1B203A4390916F6CEFCDA375B3FBFB6BA5EF7AADE0D7DCF6105EA6CE65CB0E7886CCE1DFC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......S...........!......... ........... ........@.. .......................@......Qt....@.................................d...W........................3... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\Newtonsoft.Json.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):438760
                                                                                                                                                                              Entropy (8bit):6.090777531981987
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:PHerwzLkqCG3uKWf4g6tUwoOkErUx5/Rsnaszr0tZDPEaN+YB5+GonBG:PHerIacuKUtOkESbKQrvB5+rG
                                                                                                                                                                              MD5:0DE6A884EE8BF431A7BB8CFB46B37C17
                                                                                                                                                                              SHA1:139C151E8F86406E4A7DC2DBE300EA5E69CFADA5
                                                                                                                                                                              SHA-256:107B2784E06328E6C844B17BD9286815EEF031913D177BD4598B283B3E0B0857
                                                                                                                                                                              SHA-512:3FDCDC436CE43FE9A0100DCEB4F591B98C27D3B0B46AD0031C6180F28E96EB6B7B876E8F71170CB920C0290ABD05C28442300E2D13E04F731484CEE1BEE057DA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.R...........!.....t............... ........... ...............................,....@.....................................K.......8............~...3..........x................................................ ............... ..H............text....s... ...t.................. ..`.rsrc...8............v..............@..@.reloc...............|..............@..B........................H.......h...................X...P ......................................yK.N...f....i5.#I..xV. ..%BR..^.....t0"..z.%./.G'.j....{...2...k)w...'>.c..P..X.......n...h....E...ex..X/H].R.e.{..;&.-.'....{....*"..}....*V.(x.....(......}....*2.{....oy...*2.{....oz...*B..(....&..(....*...0...........oo........YE....}...............}...n...............n.......I...I...I...I...3...I...X...8D....t......{.....or...o{....ow.....+U..o|.....{.....o....oo...o}.....o....o....t.....o....o..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):373736
                                                                                                                                                                              Entropy (8bit):6.252317264613027
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:3YVPViNMw4XgAk6w3WwmxnVw/c6nWybOg8Mu4kOgR619WYDnptR9scadfod/O:IVoNMw4Xg6bwmxnVw/c6A0D4619WYDnQ
                                                                                                                                                                              MD5:FC6914EC6BFCC36059143A72E2073C19
                                                                                                                                                                              SHA1:79EECD6C9C1CF5F3AF56F796189FF3B7183145FA
                                                                                                                                                                              SHA-256:D22BCBC8B7AFC8784BC845313668DB68F18ED948097C5DD4185A0FC1D75C0300
                                                                                                                                                                              SHA-512:787B0B21C655E84D51B211F1E3A34B0E89006AB81AD82DDA35F859DD16C0BBCE2FB6D3BCED053A3B4867B8ED5958863D4C6B1CD8A0BCEA31686B9B71ED800F74
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Yara Hits:
                                                                                                                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe, Author: Joe Security
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.&`.....................t.......(... ...@....@.. ....................................@..................................(..S....@...p...............3..........`'............................................... ............... ..H............text........ ...................... ..`.rsrc....p...@...r..................@..@.reloc...............~..............@..B.................(......H........................)...............................................r...p*2rs..p.(....*.0..........(_.....(....-..(....&.(\....(.....(......(...+.~......(...+...o......+U..(..........o....,....r...p~....o....o ...(!....+"...r...p~....o....o ...r...p("......(#...-...........o$.....r...p(%....(&.........s.........o......z*.......E.b...................2r...p.(....*..('...*..('.....s....}.....{....r...po....,...}....*2r...p.(....*..0..x..........{....r[..po....,.(`....+.(]..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1025
                                                                                                                                                                              Entropy (8bit):4.77782784676608
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:2ddInJsEVr6+k8Cs40sD5jscrMkS30G9/B:cWn6EVr6R841docr7S3tB
                                                                                                                                                                              MD5:0D86E732C7D385B99B69EB1EC27AF0A3
                                                                                                                                                                              SHA1:F5FF2BFC03B4B7704F5C2ADD6F7EFCD7E177006E
                                                                                                                                                                              SHA-256:B33E2CB24A9641D16DAB02BA41564B7B3A6CFD9C81843878D04F93B4A6EA875E
                                                                                                                                                                              SHA-512:87B8A4DE11C14B9D0F3B93B26F8BAB47C53FEAE3A00D4D11DA7A1FF4DD3FD4408FFB9A2157752608800F0A0BEABA15FB4DADAAA0D16DB28C6604CA400979C36B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. </configSections>.. <startup>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v4.0"/>.. </startup>.. <system.serviceModel>.. <bindings>.. <basicHttpBinding>.. <binding name="InstallServiceSoap" />.. <binding name="UpdateServiceSoap" />.. <binding name="ComponentsServiceSoap" />.. </basicHttpBinding>.. </bindings>.. <client>.. <endpoint address="http://wc-update-service.lavasoft.com/update.asmx".. binding="basicHttpBinding" bindingConfiguration="UpdateServiceSoap".. contract="UpdateService.UpdateServiceSoap" name="UpdateServiceSoap" />.. <endpoint address="http://wc-update-service.lavasoft.com/components.asmx".. binding="basicHttpBinding" bindingConfiguration="ComponentsServiceSoap".. contract="UpdateComponents.ComponentsServiceSoap" name="ComponentsServiceSoap" />.. </client>.. </system.serviceM

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\de-DE\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8704
                                                                                                                                                                              Entropy (8bit):4.676609718255993
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:CgfIhjIc3PMm7pMwY7ZsaPIwDFIplOUoBeRK4mQu5ogll:b4Ic3PMm7SwY7Z3g6Cpl1oBeRKyuz
                                                                                                                                                                              MD5:7AB20E7DBBA3DEB2493DECA81BD3051C
                                                                                                                                                                              SHA1:7B2CB46C689889F9DC373A9D038A6603943B1124
                                                                                                                                                                              SHA-256:9E0F4C7390630392B696F1606B2D04997945C37FE0AB0FA7439A72FE0C0DC7D6
                                                                                                                                                                              SHA-512:EFBFF07D17F497C902A935F4BECB278B0D2A35E303DEEE614EDE718BB26912C03E0276AC0D5A45C9706CEE561AED3D397A194B612F45126523CA81197CA362D3
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.&`...........!.................8... ...@....@.. ....................................@.................................48..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B................p8......H........4..d...........P ..}...........................................y..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....3.......PADPADPP)6..).........V ..........]....}..........-.C.... ...#..S.n....xv.|.-..X:.......V...h...................v..-..EZ....1.N...D|-.. ...?.!..v"..v"..v"..v"..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~C...|...........}.......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\en-US\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                              Entropy (8bit):4.654312730431527
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:7fPgEcVakaXUDprwmPamCYP8HrJx5jeuwuEogll:/cVakaXUDZwmPoV3y3uk
                                                                                                                                                                              MD5:22EE41DCB745B9CB926096FC1EA9F1FB
                                                                                                                                                                              SHA1:EC7D69FE6E6EC804FF1082780F50B4C733BE4930
                                                                                                                                                                              SHA-256:834228252463B03AA56447E6818BE515180F26C6F02BEB4A7D3DB2D991D2763A
                                                                                                                                                                              SHA-512:2527077E62A6D5C090FE71F0D92542B314AECA3E099109F77355F400F6AB58E10C48DE313ADBC0783AE6AF2A793AD185CE121693B570DEA289E77EE01242D76F
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.&`...........!.................7... ...@....@.. ....................................@..................................6..K....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................7......H.......|3..d...........P ..+...........................................'..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....7.......PADPADPP)6..).........V ..........]....}..........-.C.... ...#..S.n....xv.|.-.D...................w#(..X:.......V...h...............v..-..EZ..N...D|-.. ...?.!..v"..v"..v"..v"..."vAw(...2#Uv=..C?.9.W.F.^:1;j..cv..~...~....T...

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\es-ES\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                              Entropy (8bit):4.785714293512174
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:Sw0gfIhjIc3CJHApows5cYtruyU9LPNWYVyVdHusogll:r4Ic3CJHA2ws5c8UpPcYIuM
                                                                                                                                                                              MD5:7B04701EDCDD62AA33B225A6AF69868B
                                                                                                                                                                              SHA1:BE7F944F49DAA3E0E2212D99FAB0FFEAE15DB011
                                                                                                                                                                              SHA-256:4482DB8F8C242E4F8D7A634021DB7C0C3D29D93C7FC1B55BF46D192C647129A5
                                                                                                                                                                              SHA-512:CCAA15C3166A0538D2E32B9AEA497BD0FCBCC72D88DBAEA759089363995D9155C028D6814B5436373A34C85FD5CD8E761C63F444049F3CA84BDC4385CB700A7B
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z.&`...........!.................7... ...@....@.. ....................................@..................................7..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................7......H.......$4..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....3.......PADPADPP)6..).........V ..........]....}..........-.C.... ...#..S.n....xv.|.-..X:.......V...h...................v..-..EZ....1.N...D|-.. ...?.!..v"..v"..v"..v"..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~C...|...........}.......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\fr-CA\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8704
                                                                                                                                                                              Entropy (8bit):4.665607246976218
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:OAgfIhjIc3LczHpowomvo4zWFTSoQhoNE5upogll:o4Ic3LczH2womRmTcYMuj
                                                                                                                                                                              MD5:823C59C5950965BFD08C9FFB94A55D49
                                                                                                                                                                              SHA1:D7B9BCF4EE830E641AE77909CAF9C201BDB1EE75
                                                                                                                                                                              SHA-256:CB2E24B0252A58B3362068CA581890191F9FB2F439D24293D73987A8CB858B5A
                                                                                                                                                                              SHA-512:FEFDFF18BB90866C4D0A77104BD94A181A0DAF31D16A9DEC621C8E0D5028804D9C28D8C5E8CE88AD50BD15E9A30E88811091DEF6EEFEBC10F09A6F3CC7A6AFA4
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{.&`...........!................~8... ...@....@.. ....................................@.................................$8..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B................`8......H........4..d...........P ..m...........................................i..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....3.......PADPADPP)6..).........V ..........]....}..........-.C.... ...#..S.n....xv.|.-..X:.......V...h...................v..-..EZ....1.N...D|-.. ...?.!..v"..v"..v"..v"..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~C...|...........}.......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\it-IT\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):7680
                                                                                                                                                                              Entropy (8bit):4.469374883773304
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:RCipngp9cqvLjJvGZ2AvurzPP7YDDhzVYYfNplR5uD9dqgll:RCipngp9cqH9YIP7WVRfbNuxogll
                                                                                                                                                                              MD5:79CA26ECAA492C51B517806CDDC154B1
                                                                                                                                                                              SHA1:1CEE98B8A171A30ECD0C70B4334B77D2C1E53815
                                                                                                                                                                              SHA-256:91DAA5697767962CD3DCBC4A590348EA4286B07D62AE2A9C4C6393A1A7C558D4
                                                                                                                                                                              SHA-512:04A452BF328069DADD48CC29C60920A2E635FF9F9961E6F2FEBFE7D8C500E34158C1C15B948D739AD1EE9598E39BD7A4B5667C7397208D52A2468BF9A0EC9576
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{.&`...........!................^4... ...@....@.. ....................................@..................................4..S....@.......................`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@4......H........0..d...........P ..Q...........................................M..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADPP)6..).........V ......]....}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~[...............7...L...2.......................".......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ja-JP\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                              Entropy (8bit):4.918518403781901
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:PCi04kp2EvDSrw7aUWWdR435MIX7I2YaPegPqDmw430XlRXud9dqgll:PCi04kp2EsKej39XBi74kXTu/ogll
                                                                                                                                                                              MD5:E290C1BD255BF0369C03787E2584408A
                                                                                                                                                                              SHA1:D427205750C0FDBC07CA8AB5B3039A131A64006E
                                                                                                                                                                              SHA-256:6F99F2295315E1F9B56287C390D9EA3BFC7D3CDC6380CB33186599D84E44F0EC
                                                                                                                                                                              SHA-512:E5D4BDED861F82FD859AC6465FB51E0643CF6C6281A2668C4CF2C37BC49BA5F8A46603D192207B875C09EDE5282D14526A3BBD2C287CFD9EAA99B0FD5D982073
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{.&`...........!.................6... ...@....@.. ....................................@.................................<6..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p6......H........2..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADPP)6..).........V ......]....}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~[...............7...L...2.......................".......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\pt-BR\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):7680
                                                                                                                                                                              Entropy (8bit):4.5226260405767205
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:9CipnOp3lvgsyQlT6C3+1lmaOO9E4kYlIlR5uP9dqgll:9CipnOp3lYsJ6C3Ql9VIluVogll
                                                                                                                                                                              MD5:FFBE6E86935E942CC879D782FE99F5E4
                                                                                                                                                                              SHA1:0C7315556184E4D4E733A9D91ECC41FD31D924A2
                                                                                                                                                                              SHA-256:24466868F9CCF90E8C8BD3F6BE72FC6438819E7E32C982E6C10F4C0D678E4E2A
                                                                                                                                                                              SHA-512:82585C64DA0CE4254EFE0BD197AF18BB42BA25685583B7E83A592EAEF017FC44021197270BED67B93E38D573F411171EEC1E735A93E3CF89057D829D32D7BB2D
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{.&`...........!................n4... ...@....@.. ....................................@..................................4..W....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P4......H........0..d...........P .._...........................................[..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADPP)6..).........V ......]....}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~[...............7...L...2.......................".......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\ru-RU\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8704
                                                                                                                                                                              Entropy (8bit):4.942839572445728
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:nCiBbopyDhMhxbpRK6isuAql4kvumogll:CiBbosDaPRVipRl4CuK
                                                                                                                                                                              MD5:62C2838485C3B889B179EB9E64ED5F28
                                                                                                                                                                              SHA1:B5A2E3EC7DC46C245F8B79310F22136C8BDA73C7
                                                                                                                                                                              SHA-256:F0DEDE0DB5FB1236C7F716D2A4A428BAB086F99A42A6E81637694CDA48F4F39F
                                                                                                                                                                              SHA-512:0F5B4E54C4143E08E6F049573A1614B30A66E4BA77F0E9D79330B55AC28A0F29CAAD4C93F5FEE6D4BBC3BC35817AF44E24B00B91EEDFEBCEB23115AE1D2D70B3
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{.&`...........!.................9... ...@....@.. ....................................@..................................9..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................9......H.......$6..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADPP)6..).........V ......]....}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~[...............7...L...2.......................".......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\tr-TR\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):7680
                                                                                                                                                                              Entropy (8bit):4.761091043811293
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:cCiAtapiUldvg5VaaQo4CvD+WZhWWdurdlR6us9dqgll8:cCiAtapiUldITpl4CvTcOuSogll8
                                                                                                                                                                              MD5:6A1BA7D8604593E3E4E387D4EFCE239A
                                                                                                                                                                              SHA1:C717BD60F4625B87C5ACD9F2FEA8E277583A6E53
                                                                                                                                                                              SHA-256:3E59C9877C63CA2B09D0EE15249954A952F0F219933D7A3BEB166D10EC42B481
                                                                                                                                                                              SHA-512:ED313A0ADB9F7233F672CA4E5C08CED5ADD19AB512B533D2871EE116ABF75B7DB35BD036D1CA7B26A98927038123F1A10D6155904D21FC2DDAD9EFC56235063C
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{.&`...........!................N5... ...@....@.. ....................................@..................................5..K....@.......................`....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................05......H........1..d...........P ..K...........................................G..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADPP)6..).........V ......]....}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~[...............7...L...2.......................".......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\zh-CHS\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):7168
                                                                                                                                                                              Entropy (8bit):4.926237414208231
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:7CipxlpiUZWvA2Ug2O+hNSZl6ZG00VlcCwI8nclR4uB9dqgll:7CipxlpiUZWY2r2O+hlG9CNcsuLogll
                                                                                                                                                                              MD5:60B03360584DDF856457A897D13E5A34
                                                                                                                                                                              SHA1:9B3C508D4AF65602DE9A28BB16E939CC6D3D6BB3
                                                                                                                                                                              SHA-256:8ACD37E5C0CC9716186317CBA61604E5338078EC5BACB537F69E5F31A22A1DC2
                                                                                                                                                                              SHA-512:44D988A7D67C1CB7DB942D9825F68ED3D80F3B63D7C6ED4D98724F661192DA3B8D76DD40760AC27B48CF03BB2578573745F299FB717AAC748BDCEEB564B8FAFA
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{.&`...........!.................2... ...@....@.. ....................................@.................................L2..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H...........d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADPP)6..).........V ......]....}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~[...............7...L...2.......................".......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ICSharpCode.SharpZipLib.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):213656
                                                                                                                                                                              Entropy (8bit):5.758954606756992
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:RK1c/KCOAUXk31Vv91GOtJJKuE1iA5mGPB8qd9OTymIpn+64kRAclDwRNG95ZI4v:8e9OAQsFtJrGPBnmIRZfp
                                                                                                                                                                              MD5:F4DDE4B23CC723B58CEA92EBC462E08B
                                                                                                                                                                              SHA1:6B4E215C3A51A3E490DAACFC052A4FB6324FA4C0
                                                                                                                                                                              SHA-256:B5815B129E8576C049CC2ADA7475C489903A3071B0F5A3522652CE74E791CB50
                                                                                                                                                                              SHA-512:CC9919D39A9CC58DD67C34246D4392CD9CDD15235DCDFA7DF6FEF7DB6FEABEB19E173B844032AB99A276FFC5AF1C8A2BEBE18FA1CF48CF2803927B3ACA0DF8BE
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......S...........!......... ........... ........@.. .......................@.......D....@.................................d...W........................2... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\Newtonsoft.Json.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):438424
                                                                                                                                                                              Entropy (8bit):6.099054633020526
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:XHerwzLkqCG3uKWf4g6tUwoOkErUx5/Rsnaszr0tZDPEaN+YB5+GonXo:XHerIacuKUtOkESbKQrvB5+Jo
                                                                                                                                                                              MD5:08017DE898A7F65407633C9303CA7D6D
                                                                                                                                                                              SHA1:7D2FC4518819C90E5855B250B2C60C195AD495D8
                                                                                                                                                                              SHA-256:DC74D9F3AB3357F4D808CBE45C36B81FEC7389DC775B6730BA41276EC0C22A76
                                                                                                                                                                              SHA-512:CB19868DE946C05F12869C5FC0A3D7A9B03D7A5165957BD0FF66AF6DFB5323EF3503BFDEB076D812EC2E13EA9514064F873C714D0C326E0895249B746C81845F
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.R...........!.....t............... ........... ..............................9T....@.....................................K.......8............~...2..........x................................................ ............... ..H............text....s... ...t.................. ..`.rsrc...8............v..............@..@.reloc...............|..............@..B........................H.......h...................X...P ......................................yK.N...f....i5.#I..xV. ..%BR..^.....t0"..z.%./.G'.j....{...2...k)w...'>.c..P..X.......n...h....E...ex..X/H].R.e.{..;&.-.'....{....*"..}....*V.(x.....(......}....*2.{....oy...*2.{....oz...*B..(....&..(....*...0...........oo........YE....}...............}...n...............n.......I...I...I...I...3...I...X...8D....t......{.....or...o{....ow.....+U..o|.....{.....o....oo...o}.....o....o....t.....o....o..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):465560
                                                                                                                                                                              Entropy (8bit):6.488267118880269
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:a04l3vaIgI6kGwOFVVw/c/1qRjzk619WWeNHjE6pi9ILaiVwr//ol:a04rvkzVw/c/glk619W7jE6pTAol
                                                                                                                                                                              MD5:1DD482A55C56D87111463B92DA716FC4
                                                                                                                                                                              SHA1:11EE880EBA036F71CE7D6785450EF881E653DA88
                                                                                                                                                                              SHA-256:FF655E6F9B541B9A89AE655E022F3C47809C574C7720C304DDB169A042C7E2B8
                                                                                                                                                                              SHA-512:1CB6643E9AA9CE89960FC9745ADF70B6967D983DE88AAF03BC7913E81B954598D506E4336B13877867FCB6D5A0FA091AAC709CDA8B1FDA4ECB5F0B4FF9CAA340
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Yara Hits:
                                                                                                                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe, Author: Joe Security
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...TKTf.................r...t.......... ........@.. .......................@............@.................................t...W........q...............2... ......<................................................ ............... ..H............text....q... ...r.................. ..`.rsrc....q.......r...t..............@..@.reloc....... ......................@..B........................H........+..Ld..........0e................................................~....}.....(......s....}......(....}....*br...p.{....(......(2...*.0..j..........{....rk..po....,.(.....+.(......r}..p(......(......r...p.{....o....o.......(........s.........oP.....z*..........UU......6r...p..(2...*.r...p.....*..{....*"..}....*..{....*"..}....*V.(......(......(....*6r...p..(2...*.0..3........(....( ...,..(.....(.....(!.......s^......oP....z*.........!!......6re..p..(2...*...0..M.......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe.config

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2024
                                                                                                                                                                              Entropy (8bit):5.02527233194571
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:c5+qM3DaaCpwAGWXIcaCqcCSxX8n6EVr6R841docr7S3tB:jV3mvhVXlvqIXirAN3r7sz
                                                                                                                                                                              MD5:3D76A30D386B8688E9334C5923F590AB
                                                                                                                                                                              SHA1:FEA39A901E38491CF18A18CF953181BA2484E070
                                                                                                                                                                              SHA-256:7BDCB19B91157275C8C46601FAE51123F958298B31FD94FFDBED0966BDE16D6E
                                                                                                                                                                              SHA-512:E2B5F4434E0D40277D35FC9513E526631307765FB49D85895C2A28584688784813A9DED74D95BB5152E543B03659119D4AE09C3BE9690EC426B4067571195E79
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ProdSettings" type="System.Configuration.NameValueSectionHandler"/>.. <section name="StagingSettings" type="System.Configuration.NameValueSectionHandler"/>.. </configSections>.. <ProdSettings>.. <add key="Installer" value="https://wcdownloadercdn.lavasoft.com/8.9.0.1091/WebCompanionInstaller-8.9.0.1091-prod.exe"/>.. <add key="WebProtectionZip" value="https://rt.webcompanion.com/notifications/download/rt/dci/latest/Webprotection.zip"/>.. <add key="InstallerZip" value="http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WebCompanion-8.9.0.1091-prod.zip"/>.. </ProdSettings>.. <StagingSettings>.. <add key="Installer" value="https://wcdownloader-qa.lavasoft.com/8.9.0.1091/WebCompanionInstaller-8.9.0.1091-internal.exe"/>.. <add key="WebProtectionZip" value="https://staging-webcompanion.lavasoft.net/dci/3.0.1.9/Webprotection.zip"/>.. <add key="InstallerZip" value="https://wcdown

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\de-DE\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                              Entropy (8bit):4.843340712421241
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:fV4qrZPdcVt8f2bMpLSpLwvdftwk0d7yF8YplOOoBeRKqBdLuEogll:fV4qrRdcVt8f2wpLS5wvdVCkLpljoBeR
                                                                                                                                                                              MD5:62641B61B17117E949125F8381A9B0C9
                                                                                                                                                                              SHA1:75E4441C1F941766150910B3032CF63E442A5718
                                                                                                                                                                              SHA-256:242DD8B995E99FBC3DC3CA7DA13707DB79FFB2510EC0ABB4E01FFF3B25C2C914
                                                                                                                                                                              SHA-512:5EC0BB33E0854215C38115F8D63BF2426B156268EFA9CB3B37169EDD0C9541F90356A8B0A15A5ED539CF9A50D358719786F7D39354172BCD9C582CF57335B8A2
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...TKTf...........!..... ..........N?... ...@....@.. ....................................@..................................>..S....@.......................`....................................................... ............... ..H............text...T.... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B................0?......H........;..d...........P ..C...........................................?..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....E.......PADPADPP)6..).......n.....V ..(`5.........]....}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...................v..-../.x.EZ....1.N...D|-..... ...?.!..v"..v"..v"..v"..."...'vAw(...2c$Q:

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\en-US\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):9216
                                                                                                                                                                              Entropy (8bit):4.776178388140764
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:d4yy+cVgVxrbslCRp5w4F/QTEUM7YP9HrJxsjVPbukogll:d4yy+cVgVxrQlCRLw4FvgVKRDuE
                                                                                                                                                                              MD5:C3980F4DB7C85AB75DAF1E29FB6F6CAC
                                                                                                                                                                              SHA1:C4B62783B4F78EF1E963DBC690F1F872D1212D0A
                                                                                                                                                                              SHA-256:3519186DA8A23FB005E80A76FA3352D272CAEADB3D1188A96B5F35BDDBEC9B60
                                                                                                                                                                              SHA-512:FF6FA2F3C8AC79C640216C9DC5758FB128487A9D5D253E73BF73E96B3895CE4AD83414DC8049103035AD81FDC3978179D70B70213A032EC6129507832B257A1E
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...UKTf...........!.................;... ...@....@.. ....................................@.................................T;..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................;......H........7..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....C.......PADPADPP)6..).......n.....V ..(`5.........]....}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...............v..-../.x.EZ..N...D|-..... ...?.!..v"..v"..v"..v"..."...'vAw(...2c$Q:#Uv=..C?

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\es-ES\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                              Entropy (8bit):4.7257977942412825
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:NP4qrZPdcVkvZYbu7hKpSwa8R1XUAPLPgWYVyVSALuzogll:p4qrRdcVkvZYS7hKMwa8XUAzPpYoux
                                                                                                                                                                              MD5:B669A9A5A80BF6BD4D94910BE2635F52
                                                                                                                                                                              SHA1:708E1ADB50249B1557A99780B6B793076E6FF924
                                                                                                                                                                              SHA-256:E3F2FA90490738DCA2EC46E538351DE389EAE3E1B1C5D300914C53DFEEE364C6
                                                                                                                                                                              SHA-512:D38545DBE25BDF3BF81212F3A9D77B7FE89BBA42886360F5CD9F9A1463326DB250BA695C714DBBDD28886FC18A379993BE57521DFD7A641C5269403E97F51258
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...UKTf...........!..... ..........>>... ...@....@.. ....................................@..................................=..K....@.......................`....................................................... ............... ..H............text...D.... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B................ >......H........:..d...........P ..<...........................................8..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....E.......PADPADPP)6..).......n.....V ..(`5.........]....}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...................v..-../.x.EZ....1.N...D|-..... ...?.!..v"..v"..v"..v"..."...'vAw(...2c$Q:

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\fr-CA\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                              Entropy (8bit):4.8391604963153565
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:W4qrZPdcVRVQBbLQX7pMwUHRvgWRU6ioQho1o4eAjuPogll:W4qrRdcVRVQBHQX7SwUHZg6sj+uV
                                                                                                                                                                              MD5:BC0DFAE7B20E072223AA453CCAF4838A
                                                                                                                                                                              SHA1:E2E6B1B2B998EAEAB9A23E4D835F2E400C174B78
                                                                                                                                                                              SHA-256:045AE0399517BEC418D5FFBBB631BEB1102619ECE7A06420EFF322C6A861DD03
                                                                                                                                                                              SHA-512:61AFCF913664FD7907FFEE409F814E395B89C62C24BE88E05723693B554A6C90B7362161A5D59341B6E90AA2A56B417A4D034A9220DA6E13C56693397276ACA6
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...UKTf...........!..... ...........?... ...@....@.. ....................................@..................................>..W....@.......................`....................................................... ............... ..H............text...4.... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................?......H.......p;..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....E.......PADPADPP)6..).......n.....V ..(`5.........]....}........E(/...-.C.... ...#..S.n....xv.|.-.D...................w#(..X:..o.......V...h...................v..-../.x.EZ....1.N...D|-..... ...?.!..v"..v"..v"..v"..."...'vAw(...2c$Q:

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\it-IT\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):7680
                                                                                                                                                                              Entropy (8bit):4.4650012157322765
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:nCipngp9cqvLcMjJvGWIAvurzPPtK2DhzVYYfNFlRiu/9dqgll:nCipngp9cqT79fePtK2VRfvmuFogll
                                                                                                                                                                              MD5:0B00057C313E9CE00C356006C1E90CF6
                                                                                                                                                                              SHA1:10A90E70F2DE240574FB10A98FF8F1D71E651368
                                                                                                                                                                              SHA-256:D58498CDCB158B02CD1714504BDB82CD4EF8B76978157840453531D36DBA6A63
                                                                                                                                                                              SHA-512:27FA6A9D8A4909C6A8ADFEA47C1BA48C5EB66A98E76FBA2C6813590243AD39C3D43057B6421E4DC9FF1EDDABCAF02F75C7885550BE02C6A27BF982790C902C1F
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...UKTf...........!................^4... ...@....@.. ....................................@..................................4..W....@.......................`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@4......H........0..d...........P ..O...........................................K..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADPP)6..).........V ......]....}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~[...............7...L...2.......................".......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ja-JP\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                              Entropy (8bit):4.915711018214847
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:rJCi04kp2EvvBykfWWz435MIX7I2YaPegPqDmw430zlRZKuJ9dqgll:lCi04kp2EXBnOZ39XBi74kz8uDogll
                                                                                                                                                                              MD5:5CDF0342570C82ECFB3880CAB11915FE
                                                                                                                                                                              SHA1:0FAFAAD3C6B389BF85141527CB8C662AF8CD8F5C
                                                                                                                                                                              SHA-256:BA4331A2F01E08B836855C7957FA3147562D973FF235A965664790D9560B10E5
                                                                                                                                                                              SHA-512:32E3D65C97C244BF60FF529026E9B50B797561E96C2F9B50E5F5804C75E4A15E960066AFCC0D3E9590BDC52A61522F719DFF2B342E391892AF54FF778E56C0D3
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...UKTf...........!.................6... ...@....@.. ....................................@.................................86..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p6......H........2..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADPP)6..).........V ......]....}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~[...............7...L...2.......................".......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\pt-BR\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8704
                                                                                                                                                                              Entropy (8bit):4.686773468305611
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:/lmcDiBsbb8inpYfv4DOh9mE/9uZogll:/lmcDiBsX8inGf6otuT
                                                                                                                                                                              MD5:AF759844AF10A79E85EFCFE8B0244562
                                                                                                                                                                              SHA1:F61F0AEB04954919C9403389AD89FFEE57BBB164
                                                                                                                                                                              SHA-256:F2FE883A71377D385B601B8789BA63122FC1634EAA45950F6B004481B7B08275
                                                                                                                                                                              SHA-512:961C1DB25B5CD3D65135E30F557E6C9C29B7F93BFB31D27EA1C2E839CA8A3A56D711F86FD42D6515D229C54A0955395D05040CD648D63BA38A74D3475DC41B41
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...UKTf...........!.................8... ...@....@.. ....................................@..................................8..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................8......H.......05..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....7.......PADPADPP)6..).......n.....V ..(`5.....]....}........E(/...-.C.... ...#..S.n....xv.|.-..X:..o.....V...h...................v..-../.x...1.D|-..... ...?.!..."...'vAw(...2c$Q:..C?.9.W*..Y`..[.F.^:1;j...pg.Jq..cv...w..~...~u.......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\ru-RU\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                              Entropy (8bit):4.9917825501585975
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:plmcDiBGb9+oLp1nNddaxbRFaKvisu1Cj1sJ4e4ucogll:plmcDiBGp+oLfntalaIip8j1g4Xu8
                                                                                                                                                                              MD5:1046CAE210AD5A1E1E2909D1290C73D9
                                                                                                                                                                              SHA1:C04BD4324EAFD96C2503542EF812EA3E9FC2682F
                                                                                                                                                                              SHA-256:666CDDA05D12788A04C4C0B76736CA817E8466615BB29B92DBCA61164F9A83E2
                                                                                                                                                                              SHA-512:9A758C09EE3167A2607EFF2CE36772A983C57F23398CDFD31C87F6F301DB09FAB9A1F5AB4AE8F3E016B87A0D2F672073A54E32911969F09551A02E90BD68D497
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...UKTf...........!..... ...........?... ...@....@.. ....................................@.................................`?..K....@.......................`....................................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................?......H........;..d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....7.......PADPADPP)6..).......n.....V ..(`5.....]....}........E(/...-.C.... ...#..S.n....xv.|.-..X:..o.....V...h...................v..-../.x...1.D|-..... ...?.!..."...'vAw(...2c$Q:..C?.9.W*..Y`..[.F.^:1;j...pg.Jq..cv...w..~...~u.......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\tr-TR\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):7680
                                                                                                                                                                              Entropy (8bit):4.755801272961169
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:+bCiAtapiUldvIVaaQo4jvD3WZhWWdurHlRDKus9dqgll8:+bCiAtapiUldspl4jvU6auSogll8
                                                                                                                                                                              MD5:D8527AA8356001CF26847AC729B34933
                                                                                                                                                                              SHA1:80436A4A8D42153A7CD97D7DCB28F62E51FBAD9B
                                                                                                                                                                              SHA-256:33EC86D27FC3E4AD65E6F5E89AC48F68FA3D9894EF853FEA957B34574D2BCB8D
                                                                                                                                                                              SHA-512:8E0D5BD8EEE637AA99135091D975140DA725ABED8D297759C82B57C3CFD18538186AAAF7686FF3B8C233AFE15006C582F878938DA6004AC12A5C73C9F0369330
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...UKTf...........!................N5... ...@....@.. ....................................@..................................5..K....@.......................`....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................05......H........1..d...........P ..I...........................................E..............lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADPP)6..).........V ......]....}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~[...............7...L...2.......................".......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\zh-CHS\WebCompanionInstaller.resources.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):7168
                                                                                                                                                                              Entropy (8bit):4.920930133801368
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:hCipxlpiUZWp/ipoNK+zlG9CNkfuXogll:0ipxl8UU5qmlG9C8ud
                                                                                                                                                                              MD5:BA1D78B4935B6931D80258F92D80CC22
                                                                                                                                                                              SHA1:2D39DC3DA569E0BD2EF65A65FC6924CFBCD2ADA3
                                                                                                                                                                              SHA-256:509C466F32C35FCA0B0371F58D4668ECF7E950A0CF89B833BD2F0C4CEB659BFB
                                                                                                                                                                              SHA-512:E552096EF6350F335594BA1145D7A9838BD2F120B58EDC82BFBCBB5EE8C2A5BAEA55CA7A24874630548EF3260D95C54C639304D94EA031642587EAC2CEA80F2B
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...UKTf...........!.................2... ...@....@.. ....................................@.................................H2..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H...........d...........P .............................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....+.......PADPADPP)6..).........V ......]....}..........-.C.... ...#..S.n....xv.|.-..X:.....V...h...................v..-....1.D|-.. ...?.!..."vAw(...2..C?.9.W.F.^:1;j...p..cv..~...~[...............7...L...2.......................".......

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\WcInstaller.log

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):311
                                                                                                                                                                              Entropy (8bit):5.07665752010542
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:HGlRI1DviqOXFdZzFsOXLKcXl2jIbQDviqOXFmBU4XMOXLcU/LT03s9:HGvI9aTXFdZpdX+AY0IaTXFUU4X9XIWH
                                                                                                                                                                              MD5:BC5AEC9AB0C38E12D414AB1B01A2D85E
                                                                                                                                                                              SHA1:B4D02BA98D069445FF2007797934EB63EBFA9F43
                                                                                                                                                                              SHA-256:938FDE948C4DB552C1F14AD1A60109F62C195937CDC23D561A49713D9DF038A3
                                                                                                                                                                              SHA-512:6F39BE6A5CE8025F2FBF5DC0A0AB5E2AD85565C1128D64ED2386EE8F4AF1A754F734F4A379A5BD413E1DC7EA2760C5E948C003E1F9437D3043EC7E82306E5546
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:Detecting windows culture..08/11/2024 10:16:58 :-> Starting installer 8.9.0.1091 with: .\WebCompanionInstaller.exe, Run as admin: True..Detecting windows culture..08/11/2024 10:17:04 :-> Starting installer 7.0.2417.4248 with: .\WebCompanionInstaller.exe --prod --nanouniqueid=1731079018259, Run as admin: True..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):506240
                                                                                                                                                                              Entropy (8bit):7.614201755335798
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:5G5knZfFKese08S9/OMG20CtWgJna4SWZ:5G50ZfFKVASfGhKJa4fZ
                                                                                                                                                                              MD5:3662CA255599DB5161CDE52E1DE102A7
                                                                                                                                                                              SHA1:E2CC334E1280B1629C90E82842F562F10F81AD60
                                                                                                                                                                              SHA-256:60483773ECD9CDB8D2F7F373C5D6F880179DA0720C3726D56D5A176165965CB1
                                                                                                                                                                              SHA-512:2A759642896C03C6CD70838D17FC60D6B267414253E374723A12E67394356E4F682FE6824B1F9BAD9979619352F27B42EA44698272AD7B3CAB377A1F0DB4E279
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 27%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s..c}...s..Yy...s..w,...s...r./.s..w....s..Yx...s.......s.......s.Zyu...s.Rich..s.................PE..L.....M........../..................H............@.............................................................................d....p...q.......... ...`............................................................................................text............................... ..`.rdata...D.......F..................@..@.data...hZ.......2..................@....sxdata......`......................@....rsrc....q...p...r..................@..@........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\Desktop\cmdline.out

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:modified
                                                                                                                                                                              Size (bytes):1432
                                                                                                                                                                              Entropy (8bit):3.9038549169896926
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:xVxs1LXxePgO/V2r4+Ot6QBJtyjOEV25W:Pxs90N2r4PUQBGjOW2A
                                                                                                                                                                              MD5:2C10B12917ED32E83DCBDD2A4E7A5565
                                                                                                                                                                              SHA1:1328844F505284D08703F462094C55FB21D5E30A
                                                                                                                                                                              SHA-256:8AB510C146999A511B22A687EF55D6427A1729BF8910F61BD2B53C280B70A60C
                                                                                                                                                                              SHA-512:F354D338FCF3DE271560035E14394F03C57AF65A18B38A7EFB2FB14CCA51230139C00FDB6E37ED22019887EC05967C103C5928EA77E5B942BFE9069711EB6809
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:--2024-11-08 10:16:53-- http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe..Resolving wcdownloadercdn.lavasoft.com (wcdownloadercdn.lavasoft.com)... 104.16.148.130, 104.16.149.130..Connecting to wcdownloadercdn.lavasoft.com (wcdownloadercdn.lavasoft.com)|104.16.148.130|:80... connected...HTTP request sent, awaiting response... 200 OK..Length: 551822 (539K) [application/x-msdos-program]..Saving to: 'C:/Users/user/Desktop/download/WcInstaller.exe'.... 0K .......... .......... .......... .......... .......... 9% 213K 2s.. 50K .......... .......... .......... .......... .......... 18% 428K 2s.. 100K .......... .......... .......... .......... .......... 27% 12.0M 1s.. 150K .......... .......... .......... .......... .......... 37% 21.0M 1s.. 200K .......... .......... .......... .......... .......... 46% 444K 1s.. 250K .......... .......... .......... .......... .......... 55% 10.5M 0s.. 300K .......... .......... .......... .......... .......... 64% 4

                                                                                                                                                                              C:\Users\user\Desktop\download\WcInstaller.exe

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Windows\SysWOW64\wget.exe
                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):551822
                                                                                                                                                                              Entropy (8bit):7.661947192489197
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:UG5knZfFKegSJuvpbGH5ohK1JeUeAiZkwBxGtlwE7kRhMO3c8P:UG50ZfFKpPvNKzjeAATGtlwE4LMOM8P
                                                                                                                                                                              MD5:867A91A0D1D0A8C6FE8431BD1C3764C3
                                                                                                                                                                              SHA1:BE6AF55007EC3E750BB398F35968EF63507B42F3
                                                                                                                                                                              SHA-256:703A8460E1A86145C1D13AD75C6C31D101E1618CB7C56A2B0E14A56F0C585287
                                                                                                                                                                              SHA-512:1B3E8BEF09644BAC1EB314562FBFA26286A121F48B4B9C6961485BA9752B8665B7F2565C93B561CD4F403F26122A5C302E07DB56911C924F751B3A40C6DFABE7
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s..c}...s..Yy...s..w,...s...r./.s..w....s..Yx...s.......s.......s.Zyu...s.Rich..s.................PE..L.....M........../..................H............@.................................7...........................................d....p...q...........................................................................................................text............................... ..`.rdata...D.......F..................@..@.data...hZ.......2..................@....sxdata......`......................@....rsrc....q...p...r..................@..@........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):472
                                                                                                                                                                              Entropy (8bit):3.2403854619597166
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:s6v+KtDK+w/OlD2Ll52nmQHJkcL5nQa1Q2cL5BKh:Tk+pDMlAGcLWb2cLb
                                                                                                                                                                              MD5:00DE8B07F29D9D6C73C75BE45E8186B6
                                                                                                                                                                              SHA1:8B4B803ED6B0D88C6B952B7C053B91E50045F092
                                                                                                                                                                              SHA-256:1A3F585849C15743F38BF57C66E72E4442724AFB2CDF2B05C419CF4EC086AEE7
                                                                                                                                                                              SHA-512:1015B19448B6EBFC8E3A371D6A0C0E3C1144658DE233BD6AA4F8C21505F303CC21F89527A4AB42CE02CBA6528CDD7B6F1360DA673BCAE536664F6D44EB552212
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:..................................?H..........................f.i.l.e.:./././.C.:./.U.s.e.r.s./.e.n.g.i.n.e.e.r./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.7.z.S.C.1.9.C.A.B.7.E./.W.e.b.C.o.m.p.a.n.i.o.n.I.n.s.t.a.l.l.e.r...e.x.e...C.o.n.f.i.g...........P.o.l.i.c.y.S.t.a.t.e.m.e.n.t....v.e.r.s.i.o.n...1....P.e.r.m.i.s.s.i.o.n.S.e.t....c.l.a.s.s...S.y.s.t.e.m...S.e.c.u.r.i.t.y...P.e.r.m.i.s.s.i.o.n.S.e.t....v.e.r.s.i.o.n...1....U.n.r.e.s.t.r.i.c.t.e.d...t.r.u.e............

                                                                                                                                                                              C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):472
                                                                                                                                                                              Entropy (8bit):3.2403854619597166
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:s6v+KtDK+w/OlD2Ll52nmQHJkcL5nQa1Q2cL5BKh:Tk+pDMlAGcLWb2cLb
                                                                                                                                                                              MD5:00DE8B07F29D9D6C73C75BE45E8186B6
                                                                                                                                                                              SHA1:8B4B803ED6B0D88C6B952B7C053B91E50045F092
                                                                                                                                                                              SHA-256:1A3F585849C15743F38BF57C66E72E4442724AFB2CDF2B05C419CF4EC086AEE7
                                                                                                                                                                              SHA-512:1015B19448B6EBFC8E3A371D6A0C0E3C1144658DE233BD6AA4F8C21505F303CC21F89527A4AB42CE02CBA6528CDD7B6F1360DA673BCAE536664F6D44EB552212
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:..................................?H..........................f.i.l.e.:./././.C.:./.U.s.e.r.s./.e.n.g.i.n.e.e.r./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.7.z.S.C.1.9.C.A.B.7.E./.W.e.b.C.o.m.p.a.n.i.o.n.I.n.s.t.a.l.l.e.r...e.x.e...C.o.n.f.i.g...........P.o.l.i.c.y.S.t.a.t.e.m.e.n.t....v.e.r.s.i.o.n...1....P.e.r.m.i.s.s.i.o.n.S.e.t....c.l.a.s.s...S.y.s.t.e.m...S.e.c.u.r.i.t.y...P.e.r.m.i.s.s.i.o.n.S.e.t....v.e.r.s.i.o.n...1....U.n.r.e.s.t.r.i.c.t.e.d...t.r.u.e............

                                                                                                                                                                              C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch (copy)

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):472
                                                                                                                                                                              Entropy (8bit):3.2403854619597166
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:s6v+KtDK+w/OlD2Ll52nmQHJkcL5nQa1Q2cL5BKh:Tk+pDMlAGcLWb2cLb
                                                                                                                                                                              MD5:00DE8B07F29D9D6C73C75BE45E8186B6
                                                                                                                                                                              SHA1:8B4B803ED6B0D88C6B952B7C053B91E50045F092
                                                                                                                                                                              SHA-256:1A3F585849C15743F38BF57C66E72E4442724AFB2CDF2B05C419CF4EC086AEE7
                                                                                                                                                                              SHA-512:1015B19448B6EBFC8E3A371D6A0C0E3C1144658DE233BD6AA4F8C21505F303CC21F89527A4AB42CE02CBA6528CDD7B6F1360DA673BCAE536664F6D44EB552212
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:..................................?H..........................f.i.l.e.:./././.C.:./.U.s.e.r.s./.e.n.g.i.n.e.e.r./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.7.z.S.C.1.9.C.A.B.7.E./.W.e.b.C.o.m.p.a.n.i.o.n.I.n.s.t.a.l.l.e.r...e.x.e...C.o.n.f.i.g...........P.o.l.i.c.y.S.t.a.t.e.m.e.n.t....v.e.r.s.i.o.n...1....P.e.r.m.i.s.s.i.o.n.S.e.t....c.l.a.s.s...S.y.s.t.e.m...S.e.c.u.r.i.t.y...P.e.r.m.i.s.s.i.o.n.S.e.t....v.e.r.s.i.o.n...1....U.n.r.e.s.t.r.i.c.t.e.d...t.r.u.e............

                                                                                                                                                                              C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch (copy)

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              File Type:data
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):472
                                                                                                                                                                              Entropy (8bit):3.2403854619597166
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12:s6v+KtDK+w/OlD2Ll52nmQHJkcL5nQa1Q2cL5BKh:Tk+pDMlAGcLWb2cLb
                                                                                                                                                                              MD5:00DE8B07F29D9D6C73C75BE45E8186B6
                                                                                                                                                                              SHA1:8B4B803ED6B0D88C6B952B7C053B91E50045F092
                                                                                                                                                                              SHA-256:1A3F585849C15743F38BF57C66E72E4442724AFB2CDF2B05C419CF4EC086AEE7
                                                                                                                                                                              SHA-512:1015B19448B6EBFC8E3A371D6A0C0E3C1144658DE233BD6AA4F8C21505F303CC21F89527A4AB42CE02CBA6528CDD7B6F1360DA673BCAE536664F6D44EB552212
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:..................................?H..........................f.i.l.e.:./././.C.:./.U.s.e.r.s./.e.n.g.i.n.e.e.r./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.7.z.S.C.1.9.C.A.B.7.E./.W.e.b.C.o.m.p.a.n.i.o.n.I.n.s.t.a.l.l.e.r...e.x.e...C.o.n.f.i.g...........P.o.l.i.c.y.S.t.a.t.e.m.e.n.t....v.e.r.s.i.o.n...1....P.e.r.m.i.s.s.i.o.n.S.e.t....c.l.a.s.s...S.y.s.t.e.m...S.e.c.u.r.i.t.y...P.e.r.m.i.s.s.i.o.n.S.e.t....v.e.r.s.i.o.n...1....U.n.r.e.s.t.r.i.c.t.e.d...t.r.u.e............

                                                                                                                                                                              Static File Info

                                                                                                                                                                              No static file info

                                                                                                                                                                              Network Behavior

                                                                                                                                                                              Suricata IDS Alerts

                                                                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                              2024-11-08T16:17:12.836991+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow1172.202.163.200443192.168.2.649770TCP
                                                                                                                                                                              2024-11-08T16:17:50.603992+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow1172.202.163.200443192.168.2.649975TCP

                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                              TCP Packets

                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                              Nov 8, 2024 16:16:55.001512051 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.006603956 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.007726908 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.008887053 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.013767958 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.666589975 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.666623116 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.666649103 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.666661024 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.666671991 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.666683912 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.666697025 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.666708946 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.666721106 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.666733980 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.666810989 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.666810989 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.666810989 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.669351101 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.671648979 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.671660900 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.671673059 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.671716928 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.717597008 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.783792973 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.783823013 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.783834934 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.783847094 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.783859968 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.783885956 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.783922911 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.784091949 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.784136057 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.784172058 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.784198046 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.784212112 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.784224987 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.784240007 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.784266949 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.784980059 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.784991980 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.785017967 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.785033941 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.785037041 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.785047054 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.785070896 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.785914898 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.785927057 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.785939932 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.785969019 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.786005020 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.786040068 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.786501884 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.786514044 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.786525965 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.786540031 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.786551952 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.786577940 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.901202917 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901237965 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901249886 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901262999 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901274920 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901320934 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.901357889 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.901379108 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901392937 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901422024 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.901457071 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901468039 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901498079 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.901873112 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901885033 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901897907 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.901920080 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.901935101 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.902175903 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.902189016 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.902204037 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.902244091 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.902268887 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.902281046 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.902295113 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.902307987 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.902308941 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.902339935 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.903054953 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.903079033 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.903091908 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.903114080 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.903141022 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.903178930 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.903191090 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.903203011 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.903217077 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.903240919 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.903265953 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.903907061 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.903935909 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.903948069 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.903975010 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.904026985 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.904040098 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.904053926 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.904066086 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.904067993 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.904093981 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.904791117 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.904809952 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.904823065 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.904845953 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.904860973 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.904894114 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.904906034 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.904921055 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.904942036 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.904952049 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.904980898 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.905731916 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.905742884 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.905754089 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.905783892 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.905798912 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.905803919 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.905813932 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:55.905833960 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:55.905858994 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.018656969 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018680096 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018713951 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018733025 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018738031 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.018760920 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018773079 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018781900 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.018786907 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018801928 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018817902 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018826962 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.018831968 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018846035 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018852949 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.018860102 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018873930 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018877983 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.018904924 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.018984079 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.018996000 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019015074 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019026995 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019026995 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.019062996 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.019246101 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019280910 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019294024 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019294024 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.019319057 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019332886 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.019349098 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019364119 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019398928 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.019402981 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019416094 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019428015 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019439936 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019448996 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.019471884 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.019934893 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019948006 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019961119 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.019987106 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.020010948 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.020061970 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020104885 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020119905 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020143986 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.020201921 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020214081 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020241976 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020245075 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.020255089 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020281076 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020286083 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.020294905 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020344973 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.020764112 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020777941 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020791054 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020808935 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.020838022 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.020839930 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020853996 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020865917 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020879984 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020895958 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.020926952 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.020937920 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020952940 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020965099 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020976067 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020987988 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.020992994 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.021017075 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.021660089 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021676064 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021692038 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021712065 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.021723032 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021734953 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021747112 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.021749020 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021765947 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021774054 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.021810055 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.021845102 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021857023 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021874905 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021888018 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021889925 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.021899939 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021913052 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.021941900 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.021966934 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.022619009 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022633076 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022660971 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022674084 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022679090 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.022687912 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022699118 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022721052 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.022721052 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022744894 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.022793055 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022809029 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022823095 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022838116 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022842884 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.022850990 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022865057 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.022871017 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.022897959 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.023561001 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023582935 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023598909 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023607016 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.023637056 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023638964 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.023649931 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023663044 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023677111 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023684025 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.023720026 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.023724079 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023756981 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023768902 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023782015 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023793936 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023796082 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.023811102 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.023823977 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.023858070 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.024580002 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.024595976 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.024606943 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.024631977 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.076958895 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.135662079 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135684967 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135710955 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135746956 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135756016 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.135771036 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135787964 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135802031 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135811090 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.135821104 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135840893 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.135859966 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.135864973 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135898113 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135911942 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135926008 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135938883 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.135941982 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135986090 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.135997057 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.136002064 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136017084 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136027098 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.136034966 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136059999 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.136065960 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136080027 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136092901 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136106014 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.136109114 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136147976 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.136581898 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136600018 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136636972 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.136744022 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136759043 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136774063 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136787891 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.136790037 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136806965 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136815071 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.136820078 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136837006 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.136866093 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.136878014 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.137204885 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137221098 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137233973 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137247086 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137258053 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137264013 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137264967 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.137291908 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.137320042 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.137347937 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137358904 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137371063 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137382984 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137396097 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137399912 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.137415886 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137427092 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137428999 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.137442112 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137456894 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137458086 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.137469053 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137480974 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137489080 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.137492895 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137506008 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137511969 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.137521982 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137535095 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.137541056 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.137561083 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.141115904 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141144991 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141164064 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141180038 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141185999 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.141196966 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.141251087 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141267061 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141293049 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141315937 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141330957 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141345024 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141360044 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141374111 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141391039 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141406059 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141419888 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141434908 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141463995 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.141510010 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.141890049 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141937017 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141952038 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.141964912 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.141993046 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142014027 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142014980 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142030001 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142045021 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142054081 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142060041 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142075062 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142082930 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142116070 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142121077 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142137051 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142153025 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142168045 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142179966 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142183065 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142200947 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142215014 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142227888 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142247915 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142256975 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142271996 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142303944 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142307997 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142318964 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142333984 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142345905 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142349958 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142365932 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142376900 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142380953 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142400026 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142412901 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142416000 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142441034 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142450094 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142472029 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142497063 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142503977 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142519951 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142537117 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142544985 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142554998 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142570019 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142581940 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142584085 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142599106 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142613888 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142613888 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142651081 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142651081 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142666101 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142679930 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142690897 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142694950 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142710924 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142720938 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142744064 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142762899 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142766953 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142782927 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142796993 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142811060 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142821074 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142826080 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142841101 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142843008 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142858028 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142873049 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142879009 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142887115 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142906904 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142930984 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142935991 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142950058 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142961979 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142972946 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142986059 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.142997026 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.142999887 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143014908 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143028021 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143028021 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143044949 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143048048 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143074989 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143090010 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143104076 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143115044 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143126011 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143137932 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143138885 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143147945 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143152952 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143165112 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143177986 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143182039 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143191099 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143203020 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143217087 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143219948 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143229961 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143243074 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143249989 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143259048 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143270969 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143274069 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143287897 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143297911 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143300056 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143322945 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143347979 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143347979 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143357992 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143371105 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143383026 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143397093 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143402100 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143413067 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143424988 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.143429041 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.143456936 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.186372042 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.252964020 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.252994061 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253006935 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253031969 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253052950 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253065109 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253074884 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253087044 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253097057 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253102064 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253138065 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253151894 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253164053 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253164053 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253176928 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253184080 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253194094 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253206968 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253213882 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253221035 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253235102 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253246069 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253247976 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253267050 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253290892 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253303051 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253309965 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253321886 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253333092 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253344059 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253350973 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253357887 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253380060 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253386974 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253400087 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253407001 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253418922 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253437996 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253443956 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253451109 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253463984 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253473997 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253477097 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253492117 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253504992 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253506899 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253518105 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253529072 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253530025 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253535986 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253555059 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253566027 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253578901 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253592014 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253603935 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253604889 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253616095 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253628969 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253640890 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253667116 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253667116 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253680944 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253695965 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253699064 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253712893 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253731966 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253743887 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253746986 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253757954 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253768921 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253777027 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253810883 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253864050 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253875971 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253886938 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253906965 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253914118 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253921986 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253933907 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253947973 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253948927 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.253962994 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.253985882 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254005909 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254019022 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254019022 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254033089 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254046917 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254060030 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254060030 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254075050 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254084110 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254090071 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254117012 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254123926 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254163027 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254209042 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254221916 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254235029 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254247904 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254267931 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254276991 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254292965 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254306078 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254317045 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254317999 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254324913 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254332066 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254393101 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254393101 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254431009 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254443884 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254456997 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254475117 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254491091 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254532099 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254549026 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254565954 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254579067 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254597902 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254609108 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254611969 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254626036 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254636049 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254636049 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254642010 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254658937 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254683971 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254688978 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254698038 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254712105 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254724026 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254735947 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254750967 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254772902 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254791975 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254816055 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254829884 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254842043 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254853964 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254859924 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254868031 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254880905 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254884005 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254895926 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254916906 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254935980 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254940987 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254954100 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254965067 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.254971027 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.254978895 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255003929 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255054951 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255085945 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255099058 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255126953 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255141973 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255191088 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255203962 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255214930 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255220890 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255232096 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255244017 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255258083 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255259991 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255280972 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255286932 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255300999 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255300999 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255322933 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255326033 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255336046 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255347013 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255361080 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255373001 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255377054 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255388021 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255405903 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255435944 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255443096 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255448103 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255461931 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255466938 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255474091 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255487919 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255513906 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255526066 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255537987 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255546093 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255556107 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255568981 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255573034 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255583048 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255595922 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255608082 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255608082 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255609035 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255623102 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255625010 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255640030 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255654097 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255677938 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255713940 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255724907 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255737066 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255748987 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255764961 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255826950 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255842924 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255855083 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255867004 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255877972 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255889893 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255902052 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.255906105 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255933046 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255943060 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.255961895 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.256066084 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256077051 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256088018 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256103039 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256120920 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.256130934 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.256134987 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256150961 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256162882 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256175995 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256186962 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.256187916 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256201982 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256206989 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.256212950 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256227016 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.256227016 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256242037 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256253958 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256256104 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.256264925 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.256268978 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256279945 CET8049711104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:56.256295919 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.256333113 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.258060932 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:56.333699942 CET4971180192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:59.950757980 CET4971380192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:59.955811024 CET8049713104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:59.955985069 CET4971380192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:59.956182957 CET4971380192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:59.960982084 CET8049713104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:59.961178064 CET4971380192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:16:59.966133118 CET8049713104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:00.692257881 CET8049713104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:00.733326912 CET4971380192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:01.177969933 CET4971480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:01.182899952 CET804971464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:01.182982922 CET4971480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:01.187124014 CET4971480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:01.187199116 CET4971480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:01.192011118 CET804971464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:01.192066908 CET804971464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:01.863668919 CET804971464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:01.863888979 CET804971464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:01.863981962 CET4971480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:02.057575941 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.062568903 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.062653065 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.062747002 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.067847013 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.829586029 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.829626083 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.829647064 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.829665899 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.829678059 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.829690933 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.829703093 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.829716921 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.829730034 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.829742908 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.829752922 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.829843044 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.829843044 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.834758043 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.834773064 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.834784031 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.834830999 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.834940910 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.834985971 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.953447104 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.953558922 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.953571081 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.953617096 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.953865051 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.953877926 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.953917980 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.954246044 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.954257965 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.954272985 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.954284906 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.954288960 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.954299927 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.954323053 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.954349041 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.954947948 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.955041885 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.955054045 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.955066919 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.955079079 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.955091000 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.955096006 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.955142975 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.955142975 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.955915928 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.955929041 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.955940962 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.955981016 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.956012964 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.956032038 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.956063986 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.956773996 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.956787109 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.956800938 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.956834078 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.956850052 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:02.958450079 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.958559036 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:02.958615065 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.077481031 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077514887 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077528000 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077539921 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077557087 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.077558994 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077572107 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077601910 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.077611923 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.077683926 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077711105 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077728033 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077755928 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.077915907 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077928066 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077944040 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.077976942 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.078015089 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.078046083 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078098059 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078109980 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078147888 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.078294992 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078309059 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078320026 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078349113 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.078377962 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.078430891 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078458071 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078473091 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078499079 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.078675032 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078697920 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078716040 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078727007 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.078728914 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078743935 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.078758955 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.078785896 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.078999043 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079027891 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079041958 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079072952 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.079231977 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079245090 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079257965 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079282999 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.079292059 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079304934 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079325914 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079329014 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.079341888 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079349995 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.079390049 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.079401970 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079412937 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079452038 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.079971075 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.079989910 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.080003023 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.080015898 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.080029011 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.080046892 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.080058098 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.080065012 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.080077887 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.080089092 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.080106020 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.080108881 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.080118895 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.080132961 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.080135107 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.080168962 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.080713034 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.080759048 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.082463026 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.082561016 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.082575083 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.082598925 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.082612991 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.082638979 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.201560020 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201591015 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201622009 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201636076 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201653004 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201678038 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201689959 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201704025 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201730013 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201746941 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201755047 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.201761961 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201773882 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201776981 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.201786041 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.201787949 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201821089 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.201824903 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201838970 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201868057 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201869965 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.201883078 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201898098 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201910019 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201916933 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.201925039 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.201939106 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.201970100 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202028990 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202042103 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202054024 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202061892 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202074051 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202092886 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202095985 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202121019 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202130079 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202132940 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202143908 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202147007 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202179909 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202183962 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202198029 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202219963 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202229977 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202234983 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202265024 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202269077 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202310085 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202356100 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202380896 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202393055 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202421904 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202488899 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202513933 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202526093 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202526093 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202542067 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202558994 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202568054 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202573061 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202585936 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202600956 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202630997 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202640057 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202651024 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202672958 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202692032 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202692986 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202704906 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202718019 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202727079 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202730894 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202744007 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.202759027 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.202788115 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.206969976 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.206999063 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207017899 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207062960 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207075119 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207078934 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207094908 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207108021 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207118988 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207119942 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207134008 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207135916 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207148075 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207160950 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207170010 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207174063 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207185030 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207191944 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207196951 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207210064 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207216024 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207242012 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207251072 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207257032 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207272053 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207283974 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207318068 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207457066 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207470894 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207483053 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207494974 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207515955 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207525015 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207535028 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207536936 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207551003 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207576990 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207577944 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207592010 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207602978 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207614899 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207617044 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207628012 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207648039 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207653999 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207668066 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207669973 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207679987 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207694054 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207705021 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207709074 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207722902 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207735062 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207762003 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207892895 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207942963 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207953930 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.207983017 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.207994938 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208008051 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208017111 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208029032 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208036900 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.208055019 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.208121061 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208132982 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208143950 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208158016 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.208170891 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208184004 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208187103 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.208195925 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208209038 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208220005 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208220959 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.208233118 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208245993 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.208247900 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.208275080 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.248944044 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.325494051 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325522900 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325546980 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325567961 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325582981 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325612068 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325632095 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325639009 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.325654984 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325668097 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.325676918 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325691938 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325709105 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325716019 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.325723886 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325731993 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.325738907 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325764894 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.325773001 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325787067 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325807095 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325825930 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325828075 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.325844049 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325850010 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.325875998 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325890064 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325891972 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.325903893 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325918913 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325933933 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.325949907 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325958967 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.325970888 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325985909 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.325998068 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326011896 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326014042 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326042891 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326045990 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326061964 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326092005 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326096058 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326114893 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326128960 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326138020 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326143026 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326168060 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326169968 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326188087 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326203108 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326220036 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326224089 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326236963 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326244116 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326250076 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326265097 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326277018 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326278925 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326288939 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326308012 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326320887 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326334953 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326353073 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326355934 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326375008 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326375961 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326390982 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326404095 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326421976 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326436996 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326446056 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326451063 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326464891 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326478004 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326491117 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326503038 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326504946 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326525927 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326535940 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326548100 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326561928 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326562881 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326575041 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326590061 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326601982 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326608896 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326615095 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326630116 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326643944 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326649904 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326658964 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326673031 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326685905 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326693058 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326699972 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326715946 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326726913 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326740980 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326746941 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326771975 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326783895 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326786995 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326811075 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326827049 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326838017 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326848984 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326853991 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326867104 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326878071 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326881886 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326905966 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326913118 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326920033 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326932907 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326942921 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326946020 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326960087 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326972961 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.326977015 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.326986074 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327032089 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327039003 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327049971 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327060938 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327096939 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327109098 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327121973 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327147961 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327158928 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327183008 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327193975 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327223063 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327225924 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327236891 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327250004 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327265024 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327327967 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327339888 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327352047 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327363968 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327372074 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327393055 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327446938 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327460051 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327471018 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327491999 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327512026 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327513933 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327524900 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327533960 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327538013 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327552080 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327564955 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327579975 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327590942 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327590942 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327606916 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327625990 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327635050 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327637911 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327651978 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327666044 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327692986 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327728987 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327728987 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327743053 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327754974 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327768087 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327780962 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327781916 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327811003 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327830076 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327843904 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327855110 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327867031 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327874899 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327879906 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327893019 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327918053 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327946901 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327960014 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327960968 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.327975988 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.327989101 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328001022 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328002930 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328015089 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328027010 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328027964 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328054905 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328090906 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328103065 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328119993 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328131914 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328144073 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328160048 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328178883 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328190088 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328192949 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328203917 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328217030 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328243971 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328248978 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328258038 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328284979 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328285933 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328299999 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328313112 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328330040 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328356981 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328357935 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328372002 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328391075 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328413010 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328448057 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328461885 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328474045 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328485966 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328507900 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328512907 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328525066 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328527927 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328540087 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328571081 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328618050 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328629971 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328640938 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328654051 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328656912 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328670025 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328682899 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328684092 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328711987 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328717947 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328726053 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328737020 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328753948 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328783035 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328790903 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328803062 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328814983 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328841925 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328850985 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328856945 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328883886 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328885078 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328900099 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328910112 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328922987 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.328927994 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.328958988 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.329011917 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.329230070 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449301958 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449369907 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449400902 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449414968 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449429035 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449443102 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449455976 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449486017 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449500084 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449511051 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449523926 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449531078 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449536085 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449569941 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449592113 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449600935 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449616909 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449630976 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449644089 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449656963 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449661016 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449683905 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449685097 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449709892 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449722052 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449732065 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449733973 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449748039 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449759007 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449760914 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449773073 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449790001 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449795961 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449815989 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449827909 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449832916 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449841022 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449856997 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449862957 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449879885 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449899912 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449908018 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449922085 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449935913 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449949026 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449960947 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.449969053 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.449975014 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450005054 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450016022 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450027943 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450041056 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450052023 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450056076 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450084925 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450087070 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450098038 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450109959 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450125933 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450131893 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450139046 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450151920 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450160027 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450171947 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450182915 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450187922 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450212955 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450218916 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450226068 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450237989 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450252056 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450264931 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450269938 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450299025 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450310946 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450364113 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450376987 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450388908 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450401068 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450412989 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450419903 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450443983 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450445890 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450462103 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450473070 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450485945 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450494051 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450496912 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450506926 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450515032 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450522900 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450535059 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450560093 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450567961 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450579882 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450582027 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450592995 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450606108 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450612068 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450640917 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450798988 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450812101 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450829029 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450841904 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450872898 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.450947046 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450964928 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450982094 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.450994968 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451009035 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451020956 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451020956 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451037884 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451047897 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451051950 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451070070 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451098919 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451106071 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451119900 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451132059 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451144934 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451158047 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451169968 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451184988 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451189041 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451204062 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451217890 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451231003 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451236010 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451247931 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451272964 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451281071 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451293945 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451299906 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451307058 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451339960 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451344013 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451355934 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451364040 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451371908 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451385975 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451385975 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451399088 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451416016 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451431036 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451445103 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451446056 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451462030 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451487064 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451497078 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451517105 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451525927 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451538086 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451541901 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451551914 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451561928 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451570034 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451575994 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451596975 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451607943 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451615095 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451623917 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451644897 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451658964 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451673031 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451692104 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451700926 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451704025 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451718092 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451729059 CET8049716104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:03.451749086 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451772928 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451781988 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.451898098 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.676400900 CET4971680192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:03.676474094 CET4971480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:03.676583052 CET4971380192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:06.058928013 CET4973780192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:06.063851118 CET8049737104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:06.063956976 CET4973780192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:06.064235926 CET4973780192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:06.069011927 CET8049737104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:06.421000004 CET4973780192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:06.425818920 CET8049737104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:06.659539938 CET8049737104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:06.702083111 CET4973780192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:06.789387941 CET8049737104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:06.842756987 CET4973780192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:17:07.149368048 CET4974480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:07.172698975 CET804974464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:07.172785997 CET4974480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:07.177953005 CET4974480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:07.182775021 CET804974464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:07.530432940 CET4974480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:07.535222054 CET804974464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:07.848953009 CET804974464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:07.851221085 CET804974464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:07.851320028 CET4974480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:07.851484060 CET804974464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:07.905262947 CET4974480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:17:12.894634008 CET804974464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:12.894702911 CET4974480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:18:07.162663937 CET4973780192.168.2.6104.16.148.130
                                                                                                                                                                              Nov 8, 2024 16:18:07.162755013 CET4974480192.168.2.664.18.87.81
                                                                                                                                                                              Nov 8, 2024 16:18:07.167648077 CET804974464.18.87.81192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:18:07.167978048 CET8049737104.16.148.130192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:18:07.168041945 CET4973780192.168.2.6104.16.148.130

                                                                                                                                                                              UDP Packets

                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                              Nov 8, 2024 16:16:54.988768101 CET6451053192.168.2.61.1.1.1
                                                                                                                                                                              Nov 8, 2024 16:16:54.997338057 CET53645101.1.1.1192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:16:59.930027962 CET5253153192.168.2.61.1.1.1
                                                                                                                                                                              Nov 8, 2024 16:16:59.938311100 CET53525311.1.1.1192.168.2.6
                                                                                                                                                                              Nov 8, 2024 16:17:01.168203115 CET5160053192.168.2.61.1.1.1
                                                                                                                                                                              Nov 8, 2024 16:17:01.177107096 CET53516001.1.1.1192.168.2.6

                                                                                                                                                                              DNS Queries

                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                              Nov 8, 2024 16:16:54.988768101 CET192.168.2.61.1.1.10x6d0fStandard query (0)wcdownloadercdn.lavasoft.comA (IP address)IN (0x0001)false
                                                                                                                                                                              Nov 8, 2024 16:16:59.930027962 CET192.168.2.61.1.1.10xf469Standard query (0)flow.lavasoft.comA (IP address)IN (0x0001)false
                                                                                                                                                                              Nov 8, 2024 16:17:01.168203115 CET192.168.2.61.1.1.10xa45eStandard query (0)wc-update-service.lavasoft.comA (IP address)IN (0x0001)false

                                                                                                                                                                              DNS Answers

                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                              Nov 8, 2024 16:16:54.997338057 CET1.1.1.1192.168.2.60x6d0fNo error (0)wcdownloadercdn.lavasoft.com104.16.148.130A (IP address)IN (0x0001)false
                                                                                                                                                                              Nov 8, 2024 16:16:54.997338057 CET1.1.1.1192.168.2.60x6d0fNo error (0)wcdownloadercdn.lavasoft.com104.16.149.130A (IP address)IN (0x0001)false
                                                                                                                                                                              Nov 8, 2024 16:16:59.938311100 CET1.1.1.1192.168.2.60xf469No error (0)flow.lavasoft.com104.16.148.130A (IP address)IN (0x0001)false
                                                                                                                                                                              Nov 8, 2024 16:16:59.938311100 CET1.1.1.1192.168.2.60xf469No error (0)flow.lavasoft.com104.16.149.130A (IP address)IN (0x0001)false
                                                                                                                                                                              Nov 8, 2024 16:17:01.177107096 CET1.1.1.1192.168.2.60xa45eNo error (0)wc-update-service.lavasoft.com64.18.87.81A (IP address)IN (0x0001)false
                                                                                                                                                                              Nov 8, 2024 16:17:01.177107096 CET1.1.1.1192.168.2.60xa45eNo error (0)wc-update-service.lavasoft.com64.18.87.82A (IP address)IN (0x0001)false

                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                              • wcdownloadercdn.lavasoft.com
                                                                                                                                                                              • flow.lavasoft.com
                                                                                                                                                                              • wc-update-service.lavasoft.com

                                                                                                                                                                              HTTP Packets

                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              0192.168.2.649711104.16.148.130801112C:\Windows\SysWOW64\wget.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              Nov 8, 2024 16:16:55.008887053 CET230OUTGET /8.9.0.1091/WcInstaller.exe HTTP/1.1
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
                                                                                                                                                                              Accept: */*
                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                              Host: wcdownloadercdn.lavasoft.com
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Nov 8, 2024 16:16:55.666589975 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Fri, 08 Nov 2024 15:16:55 GMT
                                                                                                                                                                              Content-Type: application/x-msdos-program
                                                                                                                                                                              Content-Length: 551822
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              ETag: "1387745468"
                                                                                                                                                                              Last-Modified: Fri, 09 Aug 2024 17:07:30 GMT
                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                              Age: 3346
                                                                                                                                                                              Expires: Fri, 08 Nov 2024 19:16:55 GMT
                                                                                                                                                                              Cache-Control: public, max-age=14400
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8df686e72a866b88-DFW
                                                                                                                                                                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 1e 1d 57 9d 7f 73 04 9d 7f 73 04 9d 7f 73 04 1e 63 7d 04 84 7f 73 04 ab 59 79 04 dd 7f 73 04 13 77 2c 04 9c 7f 73 04 9d 7f 72 04 2f 7f 73 04 1e 77 2e 04 94 7f 73 04 ab 59 78 04 d0 7f 73 04 f2 09 d9 04 9a 7f 73 04 f2 09 ed 04 9c 7f 73 04 5a 79 75 04 9c 7f 73 04 52 69 63 68 9d 7f 73 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ce 88 ac 4d 00 00 00 00 00 00 00 00 e0 00 2f 01 0b 01 06 00 00 98 01 00 00 ec 00 00 00 00 00 00 d4 48 01 00 00 10 00 00 00 b0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 f0 02 00 00 04 00 00 37 e0 08 00 02 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Wsssc}sYysw,sr/sw.sYxsssZyusRichsPELM/H@7dpq.text `.rdataDF@@.datahZ2@.sxdata`@.rsrcqpr@@
                                                                                                                                                                              Nov 8, 2024 16:16:55.666623116 CET212INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                              Data Ascii:
                                                                                                                                                                              Nov 8, 2024 16:16:55.666649103 CET1236INData Raw: c6 05 64 00 42 00 3b c6 05 78 00 42 00 3b c3 55 8b ec 81 ec 34 01 00 00 8b 45 08 53 56 57 a3 64 31 42 00 e8 4e 0a 00 00 6a 03 33 db 5f 8d 8d 68 ff ff ff 57 a2 68 31 42 00 89 9d 68 ff ff ff 89 9d 6c ff ff ff 89 9d 70 ff ff ff e8 38 11 00 00 57 8d
                                                                                                                                                                              Data Ascii: dB;xB;U4ESVWd1BNj3_hWh1Bhlp8WM]]]&WM]]]WM]]]APMEhPM+(u)Y]WM]]M<5MMahxBM]EjP
                                                                                                                                                                              Nov 8, 2024 16:16:55.666661024 CET1236INData Raw: 5d 0b 75 0c ba 34 01 42 00 33 c9 e8 d7 f9 00 00 6a 01 5b e9 0a 05 00 00 6a 1c e8 45 25 00 00 8b f0 59 3b f3 74 13 8d 4e 08 89 5e 04 e8 20 0a 00 00 c7 06 30 b3 41 00 eb 02 33 f6 3b f3 74 06 8b 06 56 ff 50 04 8b ce e8 69 6a 00 00 85 c0 74 11 ba 0c
                                                                                                                                                                              Data Ascii: ]u4B3j[jE%Y;tN^ 0A3;tVPijtB3xHPWM]]]],EUPEPH8P~;tt8]ugt8]t(j Z0IPM $Y@=@t.9]t)j
                                                                                                                                                                              Nov 8, 2024 16:16:55.666671991 CET1236INData Raw: 00 ff b5 2c ff ff ff 8b bd 10 ff ff ff e8 a4 20 00 00 3b fb 59 74 10 6a ff 57 ff 15 88 b0 41 00 57 ff 15 8c b0 41 00 8b 4d 84 e8 50 35 00 00 ff 75 84 e8 7f 20 00 00 ff b5 48 ff ff ff e8 74 20 00 00 59 3b f3 59 74 06 8b 06 56 ff 50 08 8d 8d 74 ff
                                                                                                                                                                              Data Ascii: , ;YtjWAWAMP5u Ht Y;YtVPtd9xR uJ <? u4 u, u$ u u h _^[Qd$Vj#^YUllPAt
                                                                                                                                                                              Nov 8, 2024 16:16:55.666683912 CET1236INData Raw: 03 00 00 8b 45 08 c9 c2 08 00 55 8b ec 51 51 53 8b 5d 08 56 57 83 7b 04 00 8b f1 74 10 8b 7d 0c 8b 0b 8b 17 e8 67 1c 00 00 85 c0 75 04 33 c0 eb 49 8b 43 04 89 45 fc 8b 47 04 33 ff 89 45 f8 39 7e 04 89 7d 08 7e 30 57 53 8b ce e8 09 04 00 00 8b f8
                                                                                                                                                                              Data Ascii: EUQQS]VW{t}gu3ICEG3E9~}~0WS|!uW)uW}E;~|E_^[VjNT$FF$^3HHH@DAUQSMW}C;~+EE~-VEC
                                                                                                                                                                              Nov 8, 2024 16:16:55.666697025 CET1236INData Raw: 6e 02 00 00 83 65 fc 00 50 8b ce e8 8e 01 00 00 ff 75 e8 e8 f6 16 00 00 59 5e 8b 4d f4 64 89 0d 00 00 00 00 c9 c3 b8 30 8f 41 00 e8 9f 13 01 00 83 ec 0c 8d 45 e8 56 8b f1 50 e8 33 02 00 00 83 65 fc 00 50 8b ce e8 8d 01 00 00 ff 75 e8 e8 bb 16 00
                                                                                                                                                                              Data Ascii: nePuY^Md0AEVP3ePuY^MdUVWF9E~EMyt3EWP3~SMUfA@;fS|[~F_^]SVt$WL$_1;~+~(1iTR1PHRP
                                                                                                                                                                              Nov 8, 2024 16:16:55.666708946 CET1060INData Raw: 00 e8 52 05 00 00 84 c0 74 0a b8 04 40 00 80 e9 9e 04 00 00 8b 46 4c 33 db 3b c3 74 09 8b 08 50 ff 51 08 89 5e 4c 66 89 5d a8 66 89 5d aa 8b 46 0c 8b 7d 0c 8d 55 a8 89 5d fc 8b 08 52 6a 03 57 50 ff 51 18 3b c3 74 04 8b f0 eb 40 6a 03 8d 4d e8 89
                                                                                                                                                                              Data Ascii: Rt@FL3;tPQ^Lf]f]F}U]RjWPQ;t@jM]]]f9]EuFPMP3f}t!uY@MM4uM}ENP9]f]f]FURjWPEQ;t<f9]uFdf
                                                                                                                                                                              Nov 8, 2024 16:16:55.666721106 CET1236INData Raw: 40 00 80 e9 86 00 00 00 57 8d 4e 4c e8 89 36 00 00 8b 45 10 c6 45 fc 09 89 38 bf 78 b3 41 00 8d 45 b8 8d 4e 28 50 e8 37 f1 ff ff ff b5 7c ff ff ff e8 e0 0d 00 00 ff 75 b8 e8 d8 0d 00 00 ff 75 9c e8 d0 0d 00 00 83 c4 0c 89 7d c4 8d 4d c4 c6 45 fc
                                                                                                                                                                              Data Ascii: @WNL6EE8xAEN(P7|uu}MEMEoME0EuMYM/3M_^[d/UjhXAutjhAuuMEPQ3@]L$
                                                                                                                                                                              Nov 8, 2024 16:16:55.666733980 CET1236INData Raw: e8 fa 24 00 00 84 c0 75 17 ff 35 20 03 42 00 8d 4e 64 e8 18 ec ff ff c7 46 60 05 40 00 80 eb 61 8b 46 1c 3b c3 74 08 83 c0 04 89 45 f0 eb 03 89 5d f0 6a 04 8d 4d d0 e8 34 01 00 00 c7 45 d0 80 b3 41 00 ff 75 f0 8d 46 04 8d 7e 28 c6 45 fc 01 50 53
                                                                                                                                                                              Data Ascii: $u5 BNdF`@aF;tE]jM4EAuF~(EPSESP6[MF`]9^`t5$BNduFMP[ME)Mou@EMPjZaPNdEuluF`@]uUoh
                                                                                                                                                                              Nov 8, 2024 16:16:55.671648979 CET1236INData Raw: 88 5e 3b e8 73 fa 00 00 85 c0 74 15 8d 45 f0 68 c8 c4 41 00 50 c7 45 f0 cb 5e 14 00 e8 f7 04 01 00 8b 4d f4 8b c6 5f 5e 5b 64 89 0d 00 00 00 00 c9 c3 b0 01 c3 32 c0 c2 0c 00 32 c0 c2 08 00 6a 01 ff 71 04 ff 15 e0 b1 41 00 c3 6a 02 ff 71 04 ff 15
                                                                                                                                                                              Data Ascii: ^;stEhAPE^M_^[d22jqAjqAV3F F(FFF$F,^VAD$tVY^TAD$VTAtVY^QAVF@PAN<vYTA^V


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              1192.168.2.649713104.16.148.130803856C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              Nov 8, 2024 16:16:59.956182957 CET186OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                              Host: flow.lavasoft.com
                                                                                                                                                                              Content-Length: 454
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Nov 8, 2024 16:16:59.961178064 CET454OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 64 31 62 65 63 35 33 61
                                                                                                                                                                              Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"d1bec53a-6b69-4823-a95f-cc11516f625a","Version":"8.9.0.1091","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":null,"CampaignID":null,"LanguageIso2":null,"
                                                                                                                                                                              Nov 8, 2024 16:17:00.692257881 CET524INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Fri, 08 Nov 2024 15:17:00 GMT
                                                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                              Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                                                                                                                                                              Access-Control-Expose-Headers: Content-Length,Content-Range
                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8df687061f126b15-DFW
                                                                                                                                                                              Data Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 1d{"message":"Event persisted"}0


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              2192.168.2.64971464.18.87.81803856C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              Nov 8, 2024 16:17:01.187124014 CET211OUTPOST /update.asmx HTTP/1.1
                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                              SOAPAction: "http://tempuri.org/GetComponentsVersionInfo"
                                                                                                                                                                              Host: wc-update-service.lavasoft.com
                                                                                                                                                                              Content-Length: 262
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Nov 8, 2024 16:17:01.187199116 CET262OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6d 70 6f 6e
                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetComponentsVersionInfo xmlns="http://tempuri.org/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><platform>prod</platform><version/></GetComponentsVersionInfo></s
                                                                                                                                                                              Nov 8, 2024 16:17:01.863668919 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Fri, 08 Nov 2024 15:17:01 GMT
                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                              Content-Length: 1485
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              Cache-Control: private, max-age=0
                                                                                                                                                                              X-AspNet-Version: 4.0.30319
                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                              Access-Control-Allow-Origin: http://webcompanion.com
                                                                                                                                                                              Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6d 70 6f 6e 65 6e 74 73 56 65 72 73 69 6f 6e 49 6e 66 6f 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 43 6f 6d 70 6f 6e 65 6e 74 73 56 65 72 73 69 6f 6e 49 6e 66 6f 52 65 73 75 6c 74 3e 3c 43 6f 6d 70 6f 6e 65 6e 74 73 3e 3c 43 6f 6d 70 6f 6e 65 6e 74 56 65 72 73 [TRUNCATED]
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><GetComponentsVersionInfoResponse xmlns="http://tempuri.org/"><GetComponentsVersionInfoResult><Components><ComponentVersionInfo><Name>installer</Name><Version>7.0.2417.4248</Version><DownloadUrl>http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/Installer.exe</DownloadUrl></ComponentVersionInfo><ComponentVersionInfo><Name>application</Name><Version>2.1.1117.2317</Version><DownloadUrl>http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/Installer.msi</DownloadUrl></ComponentVersionInfo><ComponentVersionInfo><Name>tcpservice</Name><Version>2.3.4.7</Version><DownloadUrl>http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/TcpService.msi</DownloadUrl></ComponentVersionInfo><ComponentVersionInfo><Name>42f00399-529e-4915-83c
                                                                                                                                                                              Nov 8, 2024 16:17:01.863888979 CET546INData Raw: 65 2d 35 62 34 63 31 38 30 34 39 66 63 38 3c 2f 4e 61 6d 65 3e 3c 56 65 72 73 69 6f 6e 3e 37 2e 30 2e 32 34 31 37 2e 34 32 34 38 3c 2f 56 65 72 73 69 6f 6e 3e 3c 44 6f 77 6e 6c 6f 61 64 55 72 6c 3e 68 74 74 70 3a 2f 2f 77 63 64 6f 77 6e 6c 6f 61
                                                                                                                                                                              Data Ascii: e-5b4c18049fc8</Name><Version>7.0.2417.4248</Version><DownloadUrl>http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/WcInstaller.exe</DownloadUrl></ComponentVersionInfo><ComponentVersionInfo><Name>webcompanion</Name><Version>7.0.2417.4248</Vers


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              3192.168.2.649716104.16.148.130803856C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              Nov 8, 2024 16:17:02.062747002 CET107OUTGET /7.0.2417.4248/WcInstaller.exe HTTP/1.1
                                                                                                                                                                              Host: wcdownloadercdn.lavasoft.com
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Nov 8, 2024 16:17:02.829586029 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Fri, 08 Nov 2024 15:17:02 GMT
                                                                                                                                                                              Content-Type: application/x-msdos-program
                                                                                                                                                                              Content-Length: 506240
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              ETag: "512621886"
                                                                                                                                                                              Last-Modified: Fri, 12 Feb 2021 19:39:33 GMT
                                                                                                                                                                              CF-Cache-Status: REVALIDATED
                                                                                                                                                                              Expires: Fri, 08 Nov 2024 19:17:02 GMT
                                                                                                                                                                              Cache-Control: public, max-age=14400
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8df68713798e4793-DFW
                                                                                                                                                                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 1e 1d 57 9d 7f 73 04 9d 7f 73 04 9d 7f 73 04 1e 63 7d 04 84 7f 73 04 ab 59 79 04 dd 7f 73 04 13 77 2c 04 9c 7f 73 04 9d 7f 72 04 2f 7f 73 04 1e 77 2e 04 94 7f 73 04 ab 59 78 04 d0 7f 73 04 f2 09 d9 04 9a 7f 73 04 f2 09 ed 04 9c 7f 73 04 5a 79 75 04 9c 7f 73 04 52 69 63 68 9d 7f 73 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ce 88 ac 4d 00 00 00 00 00 00 00 00 e0 00 2f 01 0b 01 06 00 00 98 01 00 00 ec 00 00 00 00 00 00 d4 48 01 00 00 10 00 00 00 b0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 f0 02 00 00 04 00 00 16 b0 08 00 02 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Wsssc}sYysw,sr/sw.sYxsssZyusRichsPELM/H@dpq `.text `.rdataDF@@.datahZ2@.sxdata`@.rsrcqpr@@
                                                                                                                                                                              Nov 8, 2024 16:17:02.829626083 CET212INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                              Data Ascii: dB;xB;U4E
                                                                                                                                                                              Nov 8, 2024 16:17:02.829647064 CET1236INData Raw: 53 56 57 a3 64 31 42 00 e8 4e 0a 00 00 6a 03 33 db 5f 8d 8d 68 ff ff ff 57 a2 68 31 42 00 89 9d 68 ff ff ff 89 9d 6c ff ff ff 89 9d 70 ff ff ff e8 38 11 00 00 57 8d 4d e4 89 5d e4 89 5d e8 89 5d ec e8 26 11 00 00 57 8d 4d b4 89 5d b4 89 5d b8 89
                                                                                                                                                                              Data Ascii: SVWd1BNj3_hWh1Bhlp8WM]]]&WM]]]WM]]]APMEhPM+(u)Y]WM]]M<5MMahxBM]EjPMp0*uQ)
                                                                                                                                                                              Nov 8, 2024 16:17:02.829665899 CET1236INData Raw: 45 25 00 00 8b f0 59 3b f3 74 13 8d 4e 08 89 5e 04 e8 20 0a 00 00 c7 06 30 b3 41 00 eb 02 33 f6 3b f3 74 06 8b 06 56 ff 50 04 8b ce e8 69 6a 00 00 85 c0 74 11 ba 0c 01 42 00 33 c9 e8 8b f9 00 00 e9 03 01 00 00 8d 85 78 ff ff ff 8d 8d 48 ff ff ff
                                                                                                                                                                              Data Ascii: E%Y;tN^ 0A3;tVPijtB3xHPWM]]]],EUPEPH8P~;tt8]ugt8]t(j Z0IPM $Y@=@t.9]t)j ZHjPuSA
                                                                                                                                                                              Nov 8, 2024 16:17:02.829678059 CET1236INData Raw: 15 88 b0 41 00 57 ff 15 8c b0 41 00 8b 4d 84 e8 50 35 00 00 ff 75 84 e8 7f 20 00 00 ff b5 48 ff ff ff e8 74 20 00 00 59 3b f3 59 74 06 8b 06 56 ff 50 08 8d 8d 74 ff ff ff e8 64 39 00 00 ff b5 78 ff ff ff e8 52 20 00 00 ff 75 cc e8 4a 20 00 00 ff
                                                                                                                                                                              Data Ascii: AWAMP5u Ht Y;YtVPtd9xR uJ <? u4 u, u$ u u h _^[Qd$Vj#^YUllPAt|ujX3Vt$NF
                                                                                                                                                                              Nov 8, 2024 16:17:02.829690933 CET636INData Raw: 74 10 8b 7d 0c 8b 0b 8b 17 e8 67 1c 00 00 85 c0 75 04 33 c0 eb 49 8b 43 04 89 45 fc 8b 47 04 33 ff 89 45 f8 39 7e 04 89 7d 08 7e 30 57 53 8b ce e8 09 04 00 00 8b f8 85 ff 7c 21 ff 75 fc 8b ce 57 e8 29 05 00 00 ff 75 0c 8b ce 57 e8 c9 04 00 00 03
                                                                                                                                                                              Data Ascii: t}gu3ICEG3E9~}~0WS|!uW)uW}E;~|E_^[VjNT$FF$^3HHH@DAUQSMW}C;~+EE~-VEC0Mt,uY
                                                                                                                                                                              Nov 8, 2024 16:17:02.829703093 CET1236INData Raw: e8 46 19 00 00 59 8b c6 5e c2 04 00 b8 f4 8e 41 00 e8 f6 15 01 00 51 56 8b f1 89 75 f0 c7 06 4c b3 41 00 83 65 fc 00 e8 05 22 00 00 83 4d fc ff 8b ce e8 d1 21 00 00 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 56 8b f1 ff 76 0c e8 fc 18 00 00 ff 36 e8
                                                                                                                                                                              Data Ascii: FY^AQVuLAe"M!M^dVv6YY^3HHH@TAD$SVX;^t?WP39FY~9F~fAfG@;F|6YF>f$G^_^[SVWy\$+qN;~0@~+3
                                                                                                                                                                              Nov 8, 2024 16:17:02.829716921 CET1236INData Raw: ff 6a 20 8d 4d e4 89 75 fc e8 f3 f7 ff ff 6a 0a 8d 4d e4 e8 e9 f7 ff ff 6a 09 8d 4d e4 e8 df f7 ff ff 8b 4d 08 8d 45 e4 50 e8 fc f6 ff ff ff 75 e4 e8 41 14 00 00 8b 45 08 59 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c2 04 00 b8 58 8f 41 00 e8 e5 10 01
                                                                                                                                                                              Data Ascii: j MujMjMMEPuAEYM^dXAeVRMueMEPuYM^dUVu3HfNPEuN\@F`ENFd<u4
                                                                                                                                                                              Nov 8, 2024 16:17:02.829730034 CET1236INData Raw: 59 89 7d c4 59 c6 45 fc 08 eb 6c 8d 8d 7c ff ff ff e8 c7 f1 ff ff ff 75 b8 8d 8d 54 ff ff ff c6 45 fc 09 e8 38 2b 00 00 84 c0 0f 84 83 00 00 00 8b 4d b8 e8 31 21 00 00 84 c0 75 77 ff 35 80 02 42 00 8d 8e e4 00 00 00 e8 43 f2 ff ff ff b5 7c ff ff
                                                                                                                                                                              Data Ascii: Y}YEl|uTE8+M1!uw5BC|KuCu;}E@MMEME1uMYMj1h8]j;YtXH\A3;~H}tWPMFHj
                                                                                                                                                                              Nov 8, 2024 16:17:02.829742908 CET1236INData Raw: 85 6c ff ff ff ba ca 32 40 00 50 8d 4d 0c c6 45 fc 02 e8 45 00 01 00 8b f0 3b f3 74 0d 8d 4d 0c e8 f7 ff 00 00 e9 a1 00 00 00 6a 03 8d 4d e8 89 5d e8 89 5d ec 89 5d f0 e8 bc f1 ff ff 6a 45 8d 4d dc 5a c6 45 fc 03 e8 f1 2e 00 00 50 8d 4d e8 c6 45
                                                                                                                                                                              Data Ascii: l2@PMEE;tMjM]]]jEMZE.PMEEujYEMPEP|uQY]MluEPv9^uEPaEMuMlM_^[d*
                                                                                                                                                                              Nov 8, 2024 16:17:02.834758043 CET1236INData Raw: 5f 5e 64 89 0d 00 00 00 00 c9 c3 b8 29 91 41 00 e8 a7 02 01 00 51 56 8b f1 89 75 f0 ff 76 64 c7 45 fc 02 00 00 00 e8 d0 05 00 00 59 8d 4e 28 e8 69 ff ff ff 8b 46 20 c6 45 fc 01 85 c0 74 06 8b 08 50 ff 51 08 ff 76 10 e8 ae 05 00 00 ff 76 04 e8 a6
                                                                                                                                                                              Data Ascii: _^d)AQVuvdEYN(iF EtPQvvYY^MdANQVW3AFA~u~Nj}9yyNjE9yyoN(jE9yyY~LNPjE9yy@NhE6


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              4192.168.2.649737104.16.148.130804856C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              Nov 8, 2024 16:17:06.064235926 CET208OUTPOST /v1/event-stat-wc?Type=ProgressInstall&ProductID=wc&EventVersion=1 HTTP/1.1
                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                              Host: flow.lavasoft.com
                                                                                                                                                                              Content-Length: 496
                                                                                                                                                                              Expect: 100-continue
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Nov 8, 2024 16:17:06.421000004 CET496OUTData Raw: 7b 22 44 61 74 61 22 3a 20 7b 22 4d 61 63 68 69 6e 65 49 64 22 3a 22 66 64 64 34 32 65 65 31 2d 38 38 65 39 2d 33 31 34 33 2d 37 66 34 66 2d 62 65 32 63 30 39 36 31 31 36 39 38 22 2c 22 49 6e 73 74 61 6c 6c 49 64 22 3a 22 64 31 62 65 63 35 33 61
                                                                                                                                                                              Data Ascii: {"Data": {"MachineId":"fdd42ee1-88e9-3143-7f4f-be2c09611698","InstallId":"d1bec53a-6b69-4823-a95f-cc11516f625a","Version":"7.0.2417.4248","OsVersion":"Microsoft Windows 10 Pro","OsBit":"64","PartnerID":null,"CampaignID":null,"LanguageIso2":nul
                                                                                                                                                                              Nov 8, 2024 16:17:06.659539938 CET25INHTTP/1.1 100 Continue
                                                                                                                                                                              Nov 8, 2024 16:17:06.789387941 CET524INHTTP/1.1 200 OK
                                                                                                                                                                              Date: Fri, 08 Nov 2024 15:17:06 GMT
                                                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                              Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                                                                                                                                                              Access-Control-Expose-Headers: Content-Length,Content-Range
                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8df6872c3b1a4867-DFW
                                                                                                                                                                              Data Raw: 31 64 0d 0a 7b 22 6d 65 73 73 61 67 65 22 3a 22 45 76 65 6e 74 20 70 65 72 73 69 73 74 65 64 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 1d{"message":"Event persisted"}0


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                              5192.168.2.64974464.18.87.81804856C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe
                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                              Nov 8, 2024 16:17:07.177953005 CET233OUTPOST /update.asmx HTTP/1.1
                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                              SOAPAction: "http://tempuri.org/GetComponentsVersionInfo"
                                                                                                                                                                              Host: wc-update-service.lavasoft.com
                                                                                                                                                                              Content-Length: 262
                                                                                                                                                                              Expect: 100-continue
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Nov 8, 2024 16:17:07.530432940 CET262OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6d 70 6f 6e
                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetComponentsVersionInfo xmlns="http://tempuri.org/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><platform>prod</platform><version/></GetComponentsVersionInfo></s
                                                                                                                                                                              Nov 8, 2024 16:17:07.848953009 CET25INHTTP/1.1 100 Continue
                                                                                                                                                                              Nov 8, 2024 16:17:07.851221085 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Fri, 08 Nov 2024 15:17:07 GMT
                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                              Content-Length: 1485
                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                              Cache-Control: private, max-age=0
                                                                                                                                                                              X-AspNet-Version: 4.0.30319
                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                              Access-Control-Allow-Origin: http://webcompanion.com
                                                                                                                                                                              Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6d 70 6f 6e 65 6e 74 73 56 65 72 73 69 6f 6e 49 6e 66 6f 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 43 6f 6d 70 6f 6e 65 6e 74 73 56 65 72 73 69 6f 6e 49 6e 66 6f 52 65 73 75 6c 74 3e 3c 43 6f 6d 70 6f 6e 65 6e 74 73 3e 3c 43 6f 6d 70 6f 6e 65 6e 74 56 65 72 73 [TRUNCATED]
                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><GetComponentsVersionInfoResponse xmlns="http://tempuri.org/"><GetComponentsVersionInfoResult><Components><ComponentVersionInfo><Name>installer</Name><Version>7.0.2417.4248</Version><DownloadUrl>http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/Installer.exe</DownloadUrl></ComponentVersionInfo><ComponentVersionInfo><Name>application</Name><Version>2.1.1117.2317</Version><DownloadUrl>http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/Installer.msi</DownloadUrl></ComponentVersionInfo><ComponentVersionInfo><Name>tcpservice</Name><Version>2.3.4.7</Version><DownloadUrl>http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/TcpService.msi</DownloadUrl></ComponentVersionInfo><ComponentVersionInfo><Name>42f00399-529e-4915-83c
                                                                                                                                                                              Nov 8, 2024 16:17:07.851484060 CET546INData Raw: 65 2d 35 62 34 63 31 38 30 34 39 66 63 38 3c 2f 4e 61 6d 65 3e 3c 56 65 72 73 69 6f 6e 3e 37 2e 30 2e 32 34 31 37 2e 34 32 34 38 3c 2f 56 65 72 73 69 6f 6e 3e 3c 44 6f 77 6e 6c 6f 61 64 55 72 6c 3e 68 74 74 70 3a 2f 2f 77 63 64 6f 77 6e 6c 6f 61
                                                                                                                                                                              Data Ascii: e-5b4c18049fc8</Name><Version>7.0.2417.4248</Version><DownloadUrl>http://wcdownloadercdn.lavasoft.com/7.0.2417.4248/WcInstaller.exe</DownloadUrl></ComponentVersionInfo><ComponentVersionInfo><Name>webcompanion</Name><Version>7.0.2417.4248</Vers


                                                                                                                                                                              Statistics

                                                                                                                                                                              CPU Usage

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              Memory Usage

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                                                              Behavior

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              System Behavior

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:10:16:53
                                                                                                                                                                              Start date:08/11/2024
                                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe" > cmdline.out 2>&1
                                                                                                                                                                              Imagebase:0x1c0000
                                                                                                                                                                              File size:236'544 bytes
                                                                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:1
                                                                                                                                                                              Start time:10:16:53
                                                                                                                                                                              Start date:08/11/2024
                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                              Imagebase:0x7ff66e660000
                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:2
                                                                                                                                                                              Start time:10:16:53
                                                                                                                                                                              Start date:08/11/2024
                                                                                                                                                                              Path:C:\Windows\SysWOW64\wget.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://wcdownloadercdn.lavasoft.com/8.9.0.1091/WcInstaller.exe"
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              File size:3'895'184 bytes
                                                                                                                                                                              MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:4
                                                                                                                                                                              Start time:10:16:56
                                                                                                                                                                              Start date:08/11/2024
                                                                                                                                                                              Path:C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\download\WcInstaller.exe"
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              File size:551'822 bytes
                                                                                                                                                                              MD5 hash:867A91A0D1D0A8C6FE8431BD1C3764C3
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                              • Detection: 50%, ReversingLabs
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:5
                                                                                                                                                                              Start time:10:16:56
                                                                                                                                                                              Start date:08/11/2024
                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:.\WebCompanionInstaller.exe
                                                                                                                                                                              Imagebase:0x4a0000
                                                                                                                                                                              File size:465'560 bytes
                                                                                                                                                                              MD5 hash:1DD482A55C56D87111463B92DA716FC4
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zSC19CAB7E\WebCompanionInstaller.exe, Author: Joe Security
                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                              • Detection: 12%, ReversingLabs
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:6
                                                                                                                                                                              Start time:10:17:02
                                                                                                                                                                              Start date:08/11/2024
                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\wctmp_700474969\WcInstaller.exe" --nanouniqueid=1731079018259
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              File size:506'240 bytes
                                                                                                                                                                              MD5 hash:3662CA255599DB5161CDE52E1DE102A7
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                              • Detection: 27%, ReversingLabs
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:7
                                                                                                                                                                              Start time:10:17:02
                                                                                                                                                                              Start date:08/11/2024
                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:.\WebCompanionInstaller.exe --prod --nanouniqueid=1731079018259
                                                                                                                                                                              Imagebase:0xff0000
                                                                                                                                                                              File size:373'736 bytes
                                                                                                                                                                              MD5 hash:FC6914EC6BFCC36059143A72E2073C19
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\7zS0CFBCF2E\WebCompanionInstaller.exe, Author: Joe Security
                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                              • Detection: 17%, ReversingLabs
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Disassembly

                                                                                                                                                                              Reset < >

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:17.2%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:1.8%
                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                Total number of Limit Nodes:15
                                                                                                                                                                                execution_graph 13008 40b681 13009 40b68e 13008->13009 13013 40b69f 13008->13013 13009->13013 13014 40b6c0 13009->13014 13015 40b6ca __EH_prolog 13014->13015 13029 404349 13015->13029 13020 404349 ctype 34 API calls 13021 40b710 13020->13021 13022 404320 ctype 34 API calls 13021->13022 13023 40b71b 13022->13023 13038 409739 13023->13038 13026 403a63 13115 413d6f 13026->13115 13048 40435e 13029->13048 13032 404320 13033 40432b 13032->13033 13034 404349 ctype 34 API calls 13033->13034 13035 404333 13034->13035 13036 403a63 ctype 29 API calls 13035->13036 13037 40433b 13036->13037 13037->13020 13039 409743 __EH_prolog 13038->13039 13040 404320 ctype 34 API calls 13039->13040 13041 409759 13040->13041 13042 404320 ctype 34 API calls 13041->13042 13043 409765 13042->13043 13044 404320 ctype 34 API calls 13043->13044 13045 409771 13044->13045 13046 404320 ctype 34 API calls 13045->13046 13047 40977c 13046->13047 13047->13026 13050 403a63 29 API calls 13048->13050 13052 40b815 13048->13052 13049 404350 13049->13032 13050->13049 13055 40b82c 13052->13055 13053 40b864 13053->13049 13055->13053 13056 403a63 ctype 29 API calls 13055->13056 13057 409dfc 13055->13057 13056->13055 13058 409e06 __EH_prolog 13057->13058 13077 407782 13058->13077 13061 404320 ctype 34 API calls 13062 409e30 13061->13062 13063 404320 ctype 34 API calls 13062->13063 13064 409e3f 13063->13064 13065 404349 ctype 34 API calls 13064->13065 13066 409e59 13065->13066 13067 404320 ctype 34 API calls 13066->13067 13068 409e64 13067->13068 13069 404349 ctype 34 API calls 13068->13069 13070 409e7b 13069->13070 13071 404320 ctype 34 API calls 13070->13071 13072 409e86 13071->13072 13085 4099f1 13072->13085 13078 407792 13077->13078 13079 407797 13077->13079 13105 413030 SetEvent 13078->13105 13081 4077ad 13079->13081 13109 412fe0 WaitForSingleObject 13079->13109 13081->13061 13083 4077a6 13110 412fb0 13083->13110 13086 4099fb __EH_prolog 13085->13086 13087 407782 5 API calls 13086->13087 13088 409a14 13087->13088 13089 412fb0 ctype 2 API calls 13088->13089 13090 409a1c 13089->13090 13091 412fb0 ctype 2 API calls 13090->13091 13092 409a24 13091->13092 13093 412fb0 ctype 2 API calls 13092->13093 13094 409a2c 13093->13094 13095 409a39 13094->13095 13096 409a43 __EH_prolog 13095->13096 13097 404320 ctype 34 API calls 13096->13097 13098 409a59 13097->13098 13099 404320 ctype 34 API calls 13098->13099 13100 409a65 13099->13100 13101 404320 ctype 34 API calls 13100->13101 13102 409a71 13101->13102 13103 404320 ctype 34 API calls 13102->13103 13104 409a7d 13103->13104 13104->13055 13106 413040 GetLastError 13105->13106 13107 41303d 13105->13107 13108 41304a 13106->13108 13107->13079 13108->13079 13109->13083 13111 412fd5 13110->13111 13112 412fb9 CloseHandle 13110->13112 13111->13081 13112->13111 13113 412fc4 GetLastError 13112->13113 13113->13111 13114 412fce 13113->13114 13114->13081 13116 403a6c 13115->13116 13117 413d9d 13115->13117 13116->13013 13118 413de2 13117->13118 13119 413da7 13117->13119 13120 413dd3 13118->13120 13123 4154da ctype 28 API calls 13118->13123 13132 4154da 13119->13132 13120->13116 13122 413e3b RtlFreeHeap 13120->13122 13122->13116 13128 413dee ctype 13123->13128 13124 413dae ctype 13125 413dc8 13124->13125 13147 415898 13124->13147 13153 413dd9 13125->13153 13127 413e1a 13160 413e31 13127->13160 13128->13127 13156 41661f 13128->13156 13133 415530 EnterCriticalSection 13132->13133 13134 4154f2 13132->13134 13133->13124 13163 413c35 13134->13163 13137 415508 13139 4154da ctype 27 API calls 13137->13139 13140 415510 13139->13140 13141 415521 13140->13141 13142 415517 InitializeCriticalSection 13140->13142 13144 413d6f ctype 27 API calls 13141->13144 13143 415526 13142->13143 13172 41553b LeaveCriticalSection 13143->13172 13144->13143 13146 41552e 13146->13133 13148 4158d6 13147->13148 13152 415b8c ctype 13147->13152 13149 415ad2 VirtualFree 13148->13149 13148->13152 13150 415b36 13149->13150 13151 415b45 VirtualFree HeapFree 13150->13151 13150->13152 13151->13152 13152->13125 13256 41553b LeaveCriticalSection 13153->13256 13155 413de0 13155->13120 13157 416662 13156->13157 13158 41664c 13156->13158 13157->13127 13158->13157 13257 416506 13158->13257 13266 41553b LeaveCriticalSection 13160->13266 13162 413e38 13162->13120 13173 413c47 13163->13173 13166 4149dc 13167 4149e5 13166->13167 13168 4149ea 13166->13168 13236 4175cd 13167->13236 13242 417606 13168->13242 13172->13146 13174 413c44 13173->13174 13176 413c4e ctype 13173->13176 13174->13137 13174->13166 13176->13174 13177 413c73 13176->13177 13178 413ca0 13177->13178 13182 413ce3 13177->13182 13179 4154da ctype 28 API calls 13178->13179 13185 413cce 13178->13185 13180 413cb6 13179->13180 13195 415bc1 13180->13195 13181 413d52 RtlAllocateHeap 13184 413cd5 13181->13184 13182->13185 13186 413d05 13182->13186 13184->13176 13185->13181 13185->13184 13188 4154da ctype 28 API calls 13186->13188 13190 413d0c 13188->13190 13204 416664 13190->13204 13192 413d1f 13211 413d39 13192->13211 13198 415bf3 13195->13198 13196 415c92 13200 413cc1 13196->13200 13221 415f7b 13196->13221 13198->13196 13198->13200 13214 415eca 13198->13214 13201 413cda 13200->13201 13225 41553b LeaveCriticalSection 13201->13225 13203 413ce1 13203->13185 13209 416672 ctype 13204->13209 13205 41675e VirtualAlloc 13210 41672f ctype 13205->13210 13206 416833 13226 41636c 13206->13226 13209->13205 13209->13206 13209->13210 13210->13192 13210->13210 13235 41553b LeaveCriticalSection 13211->13235 13213 413d2c 13213->13184 13213->13185 13215 415f0d HeapAlloc 13214->13215 13216 415edd HeapReAlloc 13214->13216 13217 415f5d 13215->13217 13219 415f33 VirtualAlloc 13215->13219 13216->13217 13218 415efc 13216->13218 13217->13196 13218->13215 13219->13217 13220 415f4d HeapFree 13219->13220 13220->13217 13222 415f8d VirtualAlloc 13221->13222 13224 415fd6 13222->13224 13224->13200 13225->13203 13227 416380 HeapAlloc 13226->13227 13228 416379 13226->13228 13229 41639d VirtualAlloc 13227->13229 13234 4163d5 ctype 13227->13234 13228->13229 13230 416492 13229->13230 13231 4163bd VirtualAlloc 13229->13231 13232 41649a HeapFree 13230->13232 13230->13234 13233 416484 VirtualFree 13231->13233 13231->13234 13232->13234 13233->13230 13234->13210 13235->13213 13238 4175d7 13236->13238 13237 417604 13237->13168 13238->13237 13239 417606 ctype 7 API calls 13238->13239 13240 4175ee 13239->13240 13241 417606 ctype 7 API calls 13240->13241 13241->13237 13244 417619 13242->13244 13243 417730 ctype 13246 417743 GetStdHandle WriteFile 13243->13246 13244->13243 13245 417659 13244->13245 13250 4149f3 13244->13250 13247 417665 GetModuleFileNameA 13245->13247 13245->13250 13246->13250 13248 41767d ctype 13247->13248 13251 4180f0 13248->13251 13250->13137 13252 4180fd LoadLibraryA 13251->13252 13253 41813f 13251->13253 13252->13253 13254 41810e GetProcAddress 13252->13254 13253->13250 13254->13253 13255 418125 GetProcAddress GetProcAddress 13254->13255 13255->13253 13256->13155 13260 416513 13257->13260 13258 4165c3 13258->13157 13259 416534 VirtualFree 13259->13260 13260->13258 13260->13259 13262 4164b0 VirtualFree 13260->13262 13263 4164cd 13262->13263 13264 4164fd 13263->13264 13265 4164dd HeapFree 13263->13265 13264->13260 13265->13260 13266->13162 13267 410f30 13268 413d6f ctype 29 API calls 13267->13268 13269 410f36 13268->13269 13270 403724 13275 403740 13270->13275 13273 403739 13274 403a63 ctype 29 API calls 13274->13273 13276 40374a __EH_prolog 13275->13276 13291 4037d4 13276->13291 13278 40376d 13279 403a63 ctype 29 API calls 13278->13279 13280 403778 13279->13280 13295 4036b9 DeleteCriticalSection 13280->13295 13283 403a63 ctype 29 API calls 13284 403789 13283->13284 13285 403a63 ctype 29 API calls 13284->13285 13286 4037a3 13285->13286 13287 403a63 ctype 29 API calls 13286->13287 13288 4037ab 13287->13288 13289 403a63 ctype 29 API calls 13288->13289 13290 40372c 13289->13290 13290->13273 13290->13274 13292 4037e1 DestroyWindow 13291->13292 13293 4037dd 13291->13293 13294 4037f1 13292->13294 13293->13278 13294->13278 13296 412fb0 ctype 2 API calls 13295->13296 13297 4036ce 13296->13297 13298 403a63 ctype 29 API calls 13297->13298 13299 4036d6 13298->13299 13299->13283 13300 4148d4 GetVersion 13331 4157c8 HeapCreate 13300->13331 13302 414932 13303 414937 13302->13303 13304 41493f 13302->13304 13764 414a01 13303->13764 13343 41528c 13304->13343 13308 414944 13309 414950 13308->13309 13310 414948 13308->13310 13353 417411 13309->13353 13311 414a01 8 API calls 13310->13311 13313 41494f 13311->13313 13313->13309 13314 41495a GetCommandLineA 13367 4172df 13314->13367 13318 414974 13399 416fd9 13318->13399 13320 414979 13321 41497e GetStartupInfoA 13320->13321 13412 416f81 13321->13412 13323 414990 GetModuleHandleA 13416 401014 13323->13416 13332 4157e8 13331->13332 13333 41581e 13331->13333 13778 415680 13332->13778 13333->13302 13336 415804 13338 415821 13336->13338 13340 41636c ctype 5 API calls 13336->13340 13337 4157f7 13790 415825 HeapAlloc 13337->13790 13338->13302 13341 415801 13340->13341 13341->13338 13342 415812 HeapDestroy 13341->13342 13342->13333 13893 4154b1 InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection 13343->13893 13345 415292 TlsAlloc 13346 4152a2 13345->13346 13347 4152dc 13345->13347 13348 416ccc 30 API calls 13346->13348 13347->13308 13349 4152ab 13348->13349 13349->13347 13350 4152b3 TlsSetValue 13349->13350 13350->13347 13351 4152c4 13350->13351 13352 4152ca GetCurrentThreadId 13351->13352 13352->13308 13354 413c35 ctype 29 API calls 13353->13354 13355 417424 13354->13355 13356 417432 GetStartupInfoA 13355->13356 13357 4149dc ctype 7 API calls 13355->13357 13363 417551 13356->13363 13366 417480 13356->13366 13357->13356 13359 41757c GetStdHandle 13362 41758a GetFileType 13359->13362 13359->13363 13360 4175bc SetHandleCount 13360->13314 13361 413c35 ctype 29 API calls 13361->13366 13362->13363 13363->13359 13363->13360 13364 4174f7 13364->13363 13365 417519 GetFileType 13364->13365 13365->13364 13366->13361 13366->13363 13366->13364 13368 4172fa GetEnvironmentStringsW 13367->13368 13369 41732d 13367->13369 13371 417302 13368->13371 13372 41730e GetEnvironmentStrings 13368->13372 13370 41731e 13369->13370 13369->13371 13373 41496a 13370->13373 13376 4173c0 GetEnvironmentStrings 13370->13376 13377 4173cc 13370->13377 13374 417346 WideCharToMultiByte 13371->13374 13375 41733a GetEnvironmentStringsW 13371->13375 13372->13370 13372->13373 13390 417092 13373->13390 13379 41737a 13374->13379 13380 4173ac FreeEnvironmentStringsW 13374->13380 13375->13373 13375->13374 13376->13373 13376->13377 13381 413c35 ctype 29 API calls 13377->13381 13382 413c35 ctype 29 API calls 13379->13382 13380->13373 13387 4173e7 13381->13387 13383 417380 13382->13383 13383->13380 13384 417389 WideCharToMultiByte 13383->13384 13386 41739a 13384->13386 13389 4173a3 13384->13389 13385 4173fd FreeEnvironmentStringsA 13385->13373 13388 413d6f ctype 29 API calls 13386->13388 13387->13385 13388->13389 13389->13380 13391 4170a4 13390->13391 13392 4170a9 GetModuleFileNameA 13390->13392 13894 417fe2 13391->13894 13394 4170cc 13392->13394 13395 413c35 ctype 29 API calls 13394->13395 13396 4170ed 13395->13396 13397 4170fd 13396->13397 13398 4149dc ctype 7 API calls 13396->13398 13397->13318 13398->13397 13400 416fe6 13399->13400 13403 416feb ctype 13399->13403 13401 417fe2 48 API calls 13400->13401 13401->13403 13402 413c35 ctype 29 API calls 13404 417018 13402->13404 13403->13402 13405 4149dc ctype 7 API calls 13404->13405 13411 41702c ctype 13404->13411 13405->13411 13406 41706f 13407 413d6f ctype 29 API calls 13406->13407 13408 41707b 13407->13408 13408->13320 13409 413c35 ctype 29 API calls 13409->13411 13410 4149dc ctype 7 API calls 13410->13411 13411->13406 13411->13409 13411->13410 13413 416f8a 13412->13413 13415 416f8f 13412->13415 13414 417fe2 48 API calls 13413->13414 13414->13415 13415->13323 13923 401a7b GetVersionExA 13416->13923 13421 40218d 30 API calls 13422 401067 13421->13422 13423 40218d 30 API calls 13422->13423 13424 401079 13423->13424 13425 40218d 30 API calls 13424->13425 13426 40108b GetCommandLineW 13425->13426 13931 401cb5 13426->13931 13431 403a63 ctype 29 API calls 13432 4010b4 13431->13432 13433 40218d 30 API calls 13432->13433 13434 4010c7 13433->13434 13945 40460b 13434->13945 13441 401cb5 30 API calls 13442 4010ef 13441->13442 13975 401e6f 13442->13975 13447 403a63 ctype 29 API calls 13448 401112 13447->13448 13449 403a63 ctype 29 API calls 13448->13449 13450 40111a 13449->13450 13451 401154 13450->13451 14116 401e4e 13450->14116 13982 40245b 13451->13982 13458 40117c 13460 401180 13458->13460 13461 401199 13458->13461 13463 401191 13460->13463 14123 410ec0 MessageBoxW 13460->14123 13464 401cb5 30 API calls 13461->13464 13462 403a63 ctype 29 API calls 13465 401143 13462->13465 13469 403a63 ctype 29 API calls 13463->13469 13467 4011a9 13464->13467 13468 40237b 30 API calls 13465->13468 13471 40218d 30 API calls 13467->13471 13470 40114c 13468->13470 13472 401a2f 13469->13472 13473 402340 30 API calls 13470->13473 13478 4011bb 13471->13478 13475 403a63 ctype 29 API calls 13472->13475 13473->13451 13474 4014b2 13995 401c9d 13474->13995 13476 401a37 13475->13476 13479 403a63 ctype 29 API calls 13476->13479 13478->13474 14124 403de4 13478->14124 13482 401a3f 13479->13482 13485 403a63 ctype 29 API calls 13482->13485 13489 401a47 13485->13489 13487 4011f2 13665 401203 13487->13665 14151 410ec0 MessageBoxW 13487->14151 13488 40120b 13493 401cb5 30 API calls 13488->13493 13492 403a63 ctype 29 API calls 13489->13492 13490 4014f1 14014 403a3d 13490->14014 13491 4014d8 13543 4014e9 13491->13543 14159 410ec0 MessageBoxW 13491->14159 13496 401a4f 13492->13496 13498 401218 13493->13498 13501 403a63 ctype 29 API calls 13496->13501 14152 4040fd 13498->14152 13499 404349 ctype 34 API calls 13503 401341 13499->13503 13500 40536a 43 API calls 13504 401a06 13500->13504 13505 401392 13501->13505 13508 404320 ctype 34 API calls 13503->13508 13509 403a63 ctype 29 API calls 13504->13509 13770 416a66 13505->13770 13507 4014f8 14019 407f8e 13507->14019 13511 40134c 13508->13511 13513 401a11 13509->13513 13510 403a63 ctype 29 API calls 13514 401232 13510->13514 13516 403a63 ctype 29 API calls 13511->13516 13518 403a63 ctype 29 API calls 13513->13518 13515 401cb5 30 API calls 13514->13515 13519 401241 13515->13519 13520 401354 13516->13520 13523 401a19 13518->13523 13524 4040fd 30 API calls 13519->13524 13525 403a63 ctype 29 API calls 13520->13525 13521 401529 14160 410ec0 MessageBoxW 13521->14160 13522 40153a 14029 401d16 13522->14029 13528 403a63 ctype 29 API calls 13523->13528 13529 401253 13524->13529 13530 40135f 13525->13530 13528->13463 13532 403a63 ctype 29 API calls 13529->13532 13533 403a63 ctype 29 API calls 13530->13533 13536 40125b 13532->13536 13537 401367 13533->13537 13534 40218d 30 API calls 13535 401561 13534->13535 14032 402efe 13535->14032 13539 401cb5 30 API calls 13536->13539 13540 403a63 ctype 29 API calls 13537->13540 13542 40126a 13539->13542 13544 40136f 13540->13544 13547 4040fd 30 API calls 13542->13547 13543->13500 13548 403a63 ctype 29 API calls 13544->13548 13545 401584 13556 4015b5 13545->13556 13584 4015ef 13545->13584 14161 405ed1 13545->14161 13546 4015f8 13550 403a63 ctype 29 API calls 13546->13550 13551 40127f 13547->13551 13549 401377 13548->13549 13552 403a63 ctype 29 API calls 13549->13552 13553 401600 13550->13553 13554 403a63 ctype 29 API calls 13551->13554 13555 40137f 13552->13555 13558 401c9d 30 API calls 13553->13558 13559 401287 13554->13559 13561 403a63 ctype 29 API calls 13555->13561 13571 405ed1 33 API calls 13556->13571 13556->13584 13563 401609 13558->13563 13564 403b38 ctype 5 API calls 13559->13564 13560 403a63 ctype 29 API calls 13565 401924 13560->13565 13567 401387 13561->13567 14073 404f70 13563->14073 13570 401298 13564->13570 13566 403a63 ctype 29 API calls 13565->13566 13572 40192f 13566->13572 13573 403a63 ctype 29 API calls 13567->13573 13568 401daf 30 API calls 13574 4015aa 13568->13574 13576 401cb5 30 API calls 13570->13576 13577 4015d5 MessageBoxW 13571->13577 13582 40536a 43 API calls 13572->13582 13573->13505 13578 403a63 ctype 29 API calls 13574->13578 13580 4012af 13576->13580 13581 403a63 ctype 29 API calls 13577->13581 13578->13556 13593 403a63 ctype 29 API calls 13580->13593 13581->13584 13585 401946 13582->13585 13583 40161c 13586 401650 13583->13586 13587 401620 13583->13587 13584->13560 13588 403a63 ctype 29 API calls 13585->13588 13589 4017b4 13586->13589 13590 401659 13586->13590 13591 404f2c 33 API calls 13587->13591 13594 401951 13588->13594 13596 4017ec 13589->13596 14173 401d50 13589->14173 13595 401a66 31 API calls 13590->13595 13592 401628 13591->13592 13597 403a63 ctype 29 API calls 13592->13597 13598 4012c7 13593->13598 13600 403a63 ctype 29 API calls 13594->13600 13601 401664 13595->13601 13599 401d16 30 API calls 13596->13599 13603 401630 13597->13603 13612 401daf 30 API calls 13598->13612 13614 4012e4 13598->13614 13604 4017fb 13599->13604 13605 401959 13600->13605 13606 401692 13601->13606 13607 40169e 13601->13607 13611 403a63 ctype 29 API calls 13603->13611 14095 405bad 13604->14095 13616 403a63 ctype 29 API calls 13605->13616 14164 401e18 13606->14164 13609 401a66 31 API calls 13607->13609 13618 4016a9 ShellExecuteExA 13609->13618 13611->13543 13612->13614 13613 40139a 13620 401cb5 30 API calls 13613->13620 13614->13613 13621 4012f6 MessageBoxW 13614->13621 13623 401964 13616->13623 13624 401798 13618->13624 13625 4016e8 13618->13625 13627 4013a7 13620->13627 13621->13613 13628 40130e 13621->13628 13630 403a63 ctype 29 API calls 13623->13630 13633 403a63 ctype 29 API calls 13624->13633 13631 4016f9 13625->13631 14167 410ec0 MessageBoxW 13625->14167 13626 4017d2 13634 4040fd 30 API calls 13627->13634 13635 403a63 ctype 29 API calls 13628->13635 13629 401cb5 30 API calls 13636 401810 13629->13636 13637 40196c 13630->13637 13640 403a63 ctype 29 API calls 13631->13640 13641 4017a6 13633->13641 13643 4013bc 13634->13643 13644 401319 13635->13644 14099 401e8b 13636->14099 13646 403a63 ctype 29 API calls 13637->13646 13648 401701 13640->13648 13649 403a63 ctype 29 API calls 13641->13649 13650 401daf 30 API calls 13643->13650 13651 403a63 ctype 29 API calls 13644->13651 13647 401974 13646->13647 13653 403a63 ctype 29 API calls 13647->13653 13654 403a63 ctype 29 API calls 13648->13654 13655 4017ae 13649->13655 13656 4013c5 13650->13656 13657 401321 13651->13657 13661 40197c 13653->13661 13662 401709 13654->13662 13663 4019bf 13655->13663 13664 403a63 ctype 29 API calls 13656->13664 13659 403a63 ctype 29 API calls 13657->13659 13658 403a63 ctype 29 API calls 13660 401828 13658->13660 13659->13665 13666 403a63 ctype 29 API calls 13660->13666 13667 403a63 ctype 29 API calls 13661->13667 13668 404f2c 33 API calls 13662->13668 13669 4019d4 13663->13669 13670 4019c4 WaitForSingleObject CloseHandle 13663->13670 13671 4013d0 13664->13671 13665->13499 13673 401830 13666->13673 13674 401984 13667->13674 13675 401713 13668->13675 13676 404f2c 33 API calls 13669->13676 13670->13669 13672 403a63 ctype 29 API calls 13671->13672 13677 4013d8 13672->13677 13679 403a63 ctype 29 API calls 13674->13679 13683 401cb5 30 API calls 13677->13683 13685 40198c 13679->13685 13688 4013e7 13683->13688 13690 403a63 ctype 29 API calls 13685->13690 13693 4040fd 30 API calls 13688->13693 13690->13505 13696 4013fc 13693->13696 13699 401daf 30 API calls 13696->13699 13702 401405 13699->13702 13705 403a63 ctype 29 API calls 13702->13705 13709 401410 13705->13709 13714 403a63 ctype 29 API calls 13709->13714 13718 401418 13714->13718 13721 401cb5 30 API calls 13718->13721 13724 401427 13721->13724 13728 4040fd 30 API calls 13724->13728 13732 401440 13728->13732 13733 402635 30 API calls 13732->13733 13737 40144d 13733->13737 13739 401daf 30 API calls 13737->13739 13742 401456 13739->13742 13744 403a63 ctype 29 API calls 13742->13744 13746 401461 13744->13746 13748 403a63 ctype 29 API calls 13746->13748 13750 40146c 13748->13750 13752 403a63 ctype 29 API calls 13750->13752 13754 401474 13752->13754 13755 403a63 ctype 29 API calls 13754->13755 13756 40147f 13755->13756 13757 403a63 ctype 29 API calls 13756->13757 13758 401487 13757->13758 13759 403a63 ctype 29 API calls 13758->13759 13760 40148f 13759->13760 13761 404349 ctype 34 API calls 13760->13761 13762 4014a7 13761->13762 13763 404320 ctype 34 API calls 13762->13763 13763->13474 13765 414a0a 13764->13765 13766 414a0f 13764->13766 13767 4175cd ctype 7 API calls 13765->13767 13768 417606 ctype 7 API calls 13766->13768 13767->13766 13769 414a18 ExitProcess 13768->13769 16411 416a88 13770->16411 13773 416e09 13774 4152f3 35 API calls 13773->13774 13775 416e14 13774->13775 13776 416f3a UnhandledExceptionFilter 13775->13776 13777 4149ce 13775->13777 13776->13777 13792 413a90 13778->13792 13781 4156c3 GetEnvironmentVariableA 13785 4156e2 13781->13785 13789 4157a0 13781->13789 13782 4156a9 13782->13781 13783 4156bb 13782->13783 13783->13336 13783->13337 13786 415727 GetModuleFileNameA 13785->13786 13787 41571f 13785->13787 13786->13787 13787->13789 13794 4177c0 13787->13794 13789->13783 13797 415653 GetModuleHandleA 13789->13797 13791 415841 13790->13791 13791->13341 13793 413a9c GetVersionExA 13792->13793 13793->13781 13793->13782 13799 4177d7 13794->13799 13798 41566a 13797->13798 13798->13783 13801 4177ef 13799->13801 13803 41781f 13801->13803 13808 418578 13801->13808 13802 418578 6 API calls 13802->13803 13803->13802 13805 417948 13803->13805 13807 4177d3 13803->13807 13812 41843d 13803->13812 13805->13807 13823 416cba 13805->13823 13807->13789 13809 418596 13808->13809 13810 41858a 13808->13810 13826 41883c 13809->13826 13810->13801 13813 41845b InterlockedIncrement 13812->13813 13815 418448 13812->13815 13814 418477 InterlockedDecrement 13813->13814 13818 418481 13813->13818 13816 4154da ctype 29 API calls 13814->13816 13815->13803 13816->13818 13838 4184ac 13818->13838 13820 4184a1 InterlockedDecrement 13820->13815 13821 418497 13844 41553b LeaveCriticalSection 13821->13844 13863 4152f3 GetLastError TlsGetValue 13823->13863 13825 416cbf 13825->13807 13827 41886d GetStringTypeW 13826->13827 13828 418885 13826->13828 13827->13828 13829 418889 GetStringTypeA 13827->13829 13830 4188b0 GetStringTypeA 13828->13830 13831 4188d4 13828->13831 13829->13828 13832 418971 13829->13832 13830->13832 13831->13832 13834 4188ea MultiByteToWideChar 13831->13834 13832->13810 13834->13832 13835 41890e ctype 13834->13835 13835->13832 13836 418948 MultiByteToWideChar 13835->13836 13836->13832 13837 418961 GetStringTypeW 13836->13837 13837->13832 13839 4184d7 13838->13839 13840 41848e 13838->13840 13841 4184f3 13839->13841 13842 418578 6 API calls 13839->13842 13840->13820 13840->13821 13841->13840 13845 4185ed 13841->13845 13842->13841 13844->13815 13846 418639 13845->13846 13847 41861d LCMapStringW 13845->13847 13850 418682 LCMapStringA 13846->13850 13851 41869f 13846->13851 13847->13846 13848 418641 LCMapStringA 13847->13848 13848->13846 13849 41877b 13848->13849 13849->13840 13850->13849 13851->13849 13852 4186b5 MultiByteToWideChar 13851->13852 13852->13849 13853 4186df 13852->13853 13853->13849 13854 418715 MultiByteToWideChar 13853->13854 13854->13849 13855 41872e LCMapStringW 13854->13855 13855->13849 13856 418749 13855->13856 13857 41874f 13856->13857 13859 41878f 13856->13859 13857->13849 13858 41875d LCMapStringW 13857->13858 13858->13849 13859->13849 13860 4187c7 LCMapStringW 13859->13860 13860->13849 13861 4187df WideCharToMultiByte 13860->13861 13861->13849 13864 41530f 13863->13864 13865 41534e SetLastError 13863->13865 13874 416ccc 13864->13874 13865->13825 13868 415320 TlsSetValue 13869 415346 13868->13869 13870 415331 13868->13870 13871 4149dc ctype 7 API calls 13869->13871 13873 415337 GetCurrentThreadId 13870->13873 13872 41534d 13871->13872 13872->13865 13873->13865 13884 416d01 ctype 13874->13884 13875 415318 13875->13868 13875->13869 13876 416db9 HeapAlloc 13876->13884 13877 4154da ctype 29 API calls 13877->13884 13878 4154da ctype 29 API calls 13883 416d7b 13878->13883 13879 415bc1 ctype 5 API calls 13879->13884 13880 416664 ctype 6 API calls 13880->13883 13883->13876 13883->13878 13883->13880 13883->13884 13888 416dee 13883->13888 13884->13875 13884->13876 13884->13877 13884->13879 13884->13883 13885 416d65 13884->13885 13891 41553b LeaveCriticalSection 13885->13891 13887 416d6c 13887->13884 13892 41553b LeaveCriticalSection 13888->13892 13890 416df5 13890->13883 13891->13887 13892->13890 13893->13345 13895 417feb 13894->13895 13896 417ff2 13894->13896 13898 417c0a 13895->13898 13896->13392 13899 4154da ctype 29 API calls 13898->13899 13900 417c1a 13899->13900 13909 417db7 13900->13909 13904 417daf 13904->13896 13906 417c56 GetCPInfo 13908 417c6c 13906->13908 13907 417c31 13922 41553b LeaveCriticalSection 13907->13922 13908->13907 13914 417e5d GetCPInfo 13908->13914 13910 417dd7 13909->13910 13911 417dc7 GetOEMCP 13909->13911 13912 417c22 13910->13912 13913 417ddc GetACP 13910->13913 13911->13910 13912->13906 13912->13907 13912->13908 13913->13912 13915 417f48 13914->13915 13916 417e80 13914->13916 13915->13907 13917 41883c 6 API calls 13916->13917 13918 417efc 13917->13918 13919 4185ed 9 API calls 13918->13919 13920 417f20 13919->13920 13921 4185ed 9 API calls 13920->13921 13921->13915 13922->13904 13924 40102d 13923->13924 13925 40218d 13924->13925 13926 40219d 13925->13926 13930 401055 13925->13930 13927 403a3d 30 API calls 13926->13927 13928 4021a7 13927->13928 13929 403a63 ctype 29 API calls 13928->13929 13928->13930 13929->13930 13930->13421 13932 401cd3 13931->13932 13933 40218d 30 API calls 13932->13933 13934 40109a 13933->13934 13935 4038d7 13934->13935 13940 4038e1 __EH_prolog 13935->13940 13936 403956 13937 401e4e 30 API calls 13936->13937 13939 403965 13937->13939 13938 401ded 30 API calls 13938->13940 13941 401daf 30 API calls 13939->13941 13940->13936 13940->13938 13944 4010ac 13940->13944 13942 403972 13941->13942 13943 403a63 ctype 29 API calls 13942->13943 13943->13944 13944->13431 13946 404615 __EH_prolog 13945->13946 13947 404636 GetModuleFileNameA 13946->13947 13948 404697 GetModuleFileNameW 13946->13948 13949 4010cf 13947->13949 13951 404656 13947->13951 13948->13949 13950 4046b8 13948->13950 13963 40237b 13949->13963 13950->13949 13953 401d50 30 API calls 13950->13953 13951->13949 14197 403bdf 13951->14197 13953->13949 13957 401daf 30 API calls 13958 404683 13957->13958 13959 403a63 ctype 29 API calls 13958->13959 13960 40468b 13959->13960 13961 403a63 ctype 29 API calls 13960->13961 13962 404693 13961->13962 13962->13949 13964 402385 __EH_prolog 13963->13964 14218 4025c7 13964->14218 13966 402394 13967 403a63 ctype 29 API calls 13966->13967 13968 4010d7 13967->13968 13969 402340 13968->13969 13970 40234a __EH_prolog 13969->13970 13971 4025c7 30 API calls 13970->13971 13972 402359 13971->13972 13973 403a63 ctype 29 API calls 13972->13973 13974 4010df 13973->13974 13974->13441 14232 40222b 13975->14232 13978 403b38 13981 403b41 13978->13981 13979 403a90 5 API calls ctype 13979->13981 13980 401108 13980->13447 13981->13979 13981->13980 13983 401166 13982->13983 13984 40246b 13982->13984 13988 401b11 13983->13988 13985 403a3d 30 API calls 13984->13985 13986 402472 13985->13986 13986->13983 13987 403a63 ctype 29 API calls 13986->13987 13987->13983 13989 401b1b __EH_prolog 13988->13989 14245 405a0f 13989->14245 13992 401b4d 13992->13458 13993 401b49 ctype 13993->13992 14248 405a6c 13993->14248 14252 401f02 13993->14252 13996 40218d 30 API calls 13995->13996 13997 4014c3 13996->13997 13998 4052cf 13997->13998 13999 4052d9 __EH_prolog 13998->13999 14000 40536a 43 API calls 13999->14000 14001 4052e4 14000->14001 14002 4014d4 14001->14002 14003 40218d 30 API calls 14001->14003 14002->13490 14002->13491 14004 4052ff 14003->14004 14311 4050ee 14004->14311 14007 40530e 14009 403a63 ctype 29 API calls 14007->14009 14009->14002 14013 403a63 ctype 29 API calls 14013->14007 14015 413c35 ctype 29 API calls 14014->14015 14016 403a48 14015->14016 14017 403a61 14016->14017 14454 413b0d RaiseException 14016->14454 14017->13507 14020 407f98 __EH_prolog 14019->14020 14021 404349 ctype 34 API calls 14020->14021 14025 407fa7 14021->14025 14023 401d50 30 API calls 14023->14025 14025->14023 14028 401525 14025->14028 14455 40802f 14025->14455 14458 407d8d 14025->14458 14485 4080cf 14025->14485 14493 4020af 14025->14493 14028->13521 14028->13522 14030 40218d 30 API calls 14029->14030 14031 40154c 14030->14031 14031->13534 14033 402f08 __EH_prolog 14032->14033 14571 40335f 14033->14571 14036 401daf 30 API calls 14037 402f3c 14036->14037 14038 401daf 30 API calls 14037->14038 14039 402f4a 14038->14039 14040 403a3d 30 API calls 14039->14040 14041 402f54 14040->14041 14043 402f67 14041->14043 14637 4034cc 14041->14637 14044 403020 14043->14044 14045 402f83 14043->14045 14579 4030fc 14044->14579 14651 412ff0 14045->14651 14048 402fab 14050 402fb1 14048->14050 14051 402fbe 14048->14051 14049 40302b 14052 401daf 30 API calls 14049->14052 14053 412fb0 ctype 2 API calls 14050->14053 14054 40218d 30 API calls 14051->14054 14055 403039 14052->14055 14056 402fb9 14053->14056 14057 402fd1 14054->14057 14055->14056 14059 401daf 30 API calls 14055->14059 14627 403473 14056->14627 14058 405ed1 33 API calls 14057->14058 14060 402fe0 14058->14060 14059->14056 14062 401daf 30 API calls 14060->14062 14064 402fed 14062->14064 14065 403a63 ctype 29 API calls 14064->14065 14066 402ff9 14065->14066 14657 403086 14066->14657 14068 40300a 14069 403a63 ctype 29 API calls 14068->14069 14070 403012 14069->14070 14071 412fb0 ctype 2 API calls 14070->14071 14072 40301e 14071->14072 14072->14049 14074 404f7a __EH_prolog 14073->14074 14075 404f97 GetCurrentDirectoryA 14074->14075 14076 404fee GetCurrentDirectoryW 14074->14076 14078 403bdf 30 API calls 14075->14078 14077 401d50 30 API calls 14076->14077 14080 401611 14077->14080 14079 404fc0 14078->14079 14081 403bca 31 API calls 14079->14081 14088 404f2c 14080->14088 14082 404fce 14081->14082 14083 401daf 30 API calls 14082->14083 14084 404fda 14083->14084 14085 403a63 ctype 29 API calls 14084->14085 14086 404fe2 14085->14086 14087 403a63 ctype 29 API calls 14086->14087 14087->14080 14089 404f61 SetCurrentDirectoryW 14088->14089 14090 404f3b 14088->14090 14089->13583 14091 403b85 31 API calls 14090->14091 14092 404f46 SetCurrentDirectoryA 14091->14092 14093 403a63 ctype 29 API calls 14092->14093 14094 404f5b 14093->14094 14094->13583 14096 401803 14095->14096 14097 405bb8 14095->14097 14096->13629 14097->14096 14098 401ded 30 API calls 14097->14098 14098->14096 14100 401820 14099->14100 14101 401e9e 14099->14101 14100->13658 14101->14100 16228 4023b6 14101->16228 14117 40222b 30 API calls 14116->14117 14118 401132 14117->14118 14119 401daf 14118->14119 14120 401dbb 14119->14120 14122 40113b 14119->14122 14121 40218d 30 API calls 14120->14121 14121->14122 14122->13462 14123->13463 14125 403dee __EH_prolog 14124->14125 14126 404349 ctype 34 API calls 14125->14126 14129 403dff 14126->14129 14127 4011ee 14127->13487 14127->13488 14128 401c9d 30 API calls 14128->14129 14129->14127 14129->14128 14131 403f76 14129->14131 14137 40245b 30 API calls 14129->14137 14138 403f93 14129->14138 14140 4041a9 30 API calls 14129->14140 14147 403a63 29 API calls ctype 14129->14147 14148 401f02 30 API calls 14129->14148 16236 403fc6 14129->16236 16246 404148 14129->16246 16256 40215c 14129->16256 14132 403a63 ctype 29 API calls 14131->14132 14133 403f7e 14132->14133 14134 403a63 ctype 29 API calls 14133->14134 14135 403f86 14134->14135 14136 403a63 ctype 29 API calls 14135->14136 14136->14127 14137->14129 14139 403a63 ctype 29 API calls 14138->14139 14141 403f9b 14139->14141 14140->14129 14142 403a63 ctype 29 API calls 14141->14142 14143 403fa3 14142->14143 14145 403a63 ctype 29 API calls 14143->14145 14146 403fab 14145->14146 14149 403a63 ctype 29 API calls 14146->14149 14147->14129 14148->14129 14149->14127 14151->13665 14153 404115 14152->14153 14154 404119 14153->14154 14155 40412f 14153->14155 14156 40218d 30 API calls 14154->14156 14157 401d16 30 API calls 14155->14157 14158 40122a 14156->14158 14157->14158 14158->13510 14159->13543 14160->13543 16261 405e00 14161->16261 14165 4021e1 30 API calls 14164->14165 14166 401e28 14165->14166 14166->13607 14167->13631 14174 401d6d 14173->14174 14175 40218d 30 API calls 14174->14175 14176 4017c6 14175->14176 14177 4057af 14176->14177 14178 4057b9 __EH_prolog 14177->14178 14179 404d82 30 API calls 14178->14179 14180 4057c8 14179->14180 14181 405620 37 API calls 14180->14181 14182 4057d5 14181->14182 14183 403a63 ctype 29 API calls 14182->14183 14184 4017ce 14183->14184 14184->13596 14184->13626 14198 403bf6 14197->14198 14198->14198 14199 40245b 30 API calls 14198->14199 14200 403c05 14199->14200 14201 403bca 14200->14201 14204 403c26 14201->14204 14205 403c30 __EH_prolog 14204->14205 14206 40218d 30 API calls 14205->14206 14207 403c53 14206->14207 14208 403c9a 14207->14208 14209 403c6b MultiByteToWideChar 14207->14209 14211 40218d 30 API calls 14207->14211 14210 401d16 30 API calls 14208->14210 14209->14208 14212 403c85 14209->14212 14213 403cb0 14210->14213 14211->14209 14217 413b0d RaiseException 14212->14217 14215 403a63 ctype 29 API calls 14213->14215 14216 403bda 14215->14216 14216->13957 14217->14208 14219 4025d1 __EH_prolog 14218->14219 14220 40218d 30 API calls 14219->14220 14221 4025ed 14220->14221 14222 401ded 30 API calls 14221->14222 14223 4025fa 14222->14223 14224 401ded 30 API calls 14223->14224 14225 402604 14224->14225 14226 401ded 30 API calls 14225->14226 14227 40260e 14226->14227 14228 401d16 30 API calls 14227->14228 14229 40261a 14228->14229 14230 403a63 ctype 29 API calls 14229->14230 14231 402622 14230->14231 14231->13966 14234 402235 __EH_prolog 14232->14234 14233 402269 14236 40218d 30 API calls 14233->14236 14234->14233 14235 40225e 14234->14235 14237 401d16 30 API calls 14235->14237 14238 40227c 14236->14238 14239 4010ff 14237->14239 14240 40218d 30 API calls 14238->14240 14239->13978 14241 402289 14240->14241 14242 401d16 30 API calls 14241->14242 14243 4022bd 14242->14243 14244 403a63 ctype 29 API calls 14243->14244 14244->14239 14255 4059ee 14245->14255 14251 405a79 14248->14251 14250 405aa5 14250->13993 14251->14250 14302 405a4a 14251->14302 14307 4024a9 14252->14307 14258 4059d1 14255->14258 14261 405892 14258->14261 14271 405905 14261->14271 14264 4058f7 14264->13993 14265 4058de CreateFileW 14265->14264 14266 4058af 14274 403b85 14266->14274 14269 403a63 ctype 29 API calls 14270 4058db 14269->14270 14270->14264 14272 40590f CloseHandle 14271->14272 14273 4058a0 14271->14273 14272->14273 14273->14264 14273->14265 14273->14266 14275 403b8f __EH_prolog 14274->14275 14276 401cb5 30 API calls 14275->14276 14277 403ba2 14276->14277 14282 403d8e 14277->14282 14280 403a63 ctype 29 API calls 14281 403bba CreateFileA 14280->14281 14281->14269 14285 403ccd 14282->14285 14286 403cd7 __EH_prolog 14285->14286 14287 40245b 30 API calls 14286->14287 14288 403cf9 14287->14288 14289 403d1a WideCharToMultiByte 14288->14289 14291 40245b 30 API calls 14288->14291 14293 403d5d 14288->14293 14292 403d48 14289->14292 14289->14293 14291->14289 14298 413b0d RaiseException 14292->14298 14299 403dae 14293->14299 14296 403a63 ctype 29 API calls 14297 403bb2 14296->14297 14297->14280 14298->14293 14300 40245b 30 API calls 14299->14300 14301 403d72 14300->14301 14301->14296 14303 405a57 14302->14303 14306 405a1d ReadFile 14303->14306 14305 405a68 14305->14251 14306->14305 14308 401f0c 14307->14308 14309 4024bd 14307->14309 14308->13993 14310 40245b 30 API calls 14309->14310 14310->14308 14312 4050f8 __EH_prolog 14311->14312 14313 405115 GetTempPathA 14312->14313 14314 40516c GetTempPathW 14312->14314 14315 403bdf 30 API calls 14313->14315 14316 401d50 30 API calls 14314->14316 14317 40513e 14315->14317 14319 405168 14316->14319 14318 403bca 31 API calls 14317->14318 14320 40514c 14318->14320 14319->14007 14326 40485a 14319->14326 14321 401daf 30 API calls 14320->14321 14322 405158 14321->14322 14323 403a63 ctype 29 API calls 14322->14323 14324 405160 14323->14324 14325 403a63 ctype 29 API calls 14324->14325 14325->14319 14327 404864 __EH_prolog 14326->14327 14328 401d16 30 API calls 14327->14328 14329 404877 14328->14329 14350 4048ab 14329->14350 14332 401d16 30 API calls 14333 404891 14332->14333 14334 403a63 ctype 29 API calls 14333->14334 14335 404899 14334->14335 14336 4051b7 GetCurrentThreadId GetTickCount GetCurrentProcessId 14335->14336 14346 4051ea 14336->14346 14337 401d50 30 API calls 14337->14346 14338 4048ab 30 API calls 14338->14346 14340 40526e SetLastError 14340->14346 14341 401ded 30 API calls 14349 40522c 14341->14349 14343 4048ab 30 API calls 14347 405240 GetTickCount 14343->14347 14344 4052b8 14344->14013 14346->14337 14346->14338 14346->14340 14346->14344 14348 405299 GetLastError 14346->14348 14346->14349 14358 405800 14346->14358 14366 4049f4 14346->14366 14374 405ae5 14346->14374 14347->14349 14348->14346 14349->14341 14349->14343 14349->14346 14351 4048c0 14350->14351 14354 4021e1 14351->14354 14355 402225 14354->14355 14356 4021f5 14354->14356 14355->14332 14357 40218d 30 API calls 14356->14357 14357->14355 14359 40580a __EH_prolog 14358->14359 14377 404d82 14359->14377 14364 403a63 ctype 29 API calls 14365 405830 14364->14365 14365->14346 14367 404a03 14366->14367 14368 404a29 CreateDirectoryW 14366->14368 14370 403b85 31 API calls 14367->14370 14369 404a34 14368->14369 14369->14346 14371 404a0e CreateDirectoryA 14370->14371 14372 403a63 ctype 29 API calls 14371->14372 14373 404a23 14372->14373 14373->14369 14448 405ace 14374->14448 14378 40218d 30 API calls 14377->14378 14379 404d99 14378->14379 14380 405620 14379->14380 14381 40562a __EH_prolog 14380->14381 14415 405434 14381->14415 14384 405653 GetLastError 14386 405661 14384->14386 14385 405414 FindClose 14414 405773 14385->14414 14387 401cb5 30 API calls 14386->14387 14393 40564c 14386->14393 14388 4056d3 14387->14388 14389 405788 14388->14389 14390 401cb5 30 API calls 14388->14390 14391 403a63 ctype 29 API calls 14389->14391 14392 4056f0 14390->14392 14391->14393 14394 405705 14392->14394 14395 401ded 30 API calls 14392->14395 14393->14385 14396 401ded 30 API calls 14394->14396 14395->14394 14397 40570f 14396->14397 14398 405434 35 API calls 14397->14398 14399 40571e 14398->14399 14400 405777 SetLastError 14399->14400 14402 405736 14399->14402 14401 403a63 ctype 29 API calls 14400->14401 14401->14389 14403 40222b 30 API calls 14402->14403 14404 405744 14403->14404 14405 401daf 30 API calls 14404->14405 14406 405750 14405->14406 14407 403a63 ctype 29 API calls 14406->14407 14408 405758 14407->14408 14409 403a63 ctype 29 API calls 14408->14409 14410 405760 14409->14410 14411 403a63 ctype 29 API calls 14410->14411 14412 405768 14411->14412 14429 405414 14412->14429 14414->14364 14416 405414 FindClose 14415->14416 14417 405445 14416->14417 14418 4054a4 14417->14418 14419 405452 14417->14419 14420 40548d FindFirstFileW 14417->14420 14418->14384 14418->14393 14421 403b85 31 API calls 14419->14421 14420->14418 14422 4054a8 14420->14422 14423 40545d FindFirstFileA 14421->14423 14444 4054bd 14422->14444 14425 403a63 ctype 29 API calls 14423->14425 14426 405477 14425->14426 14426->14418 14432 40551c 14426->14432 14430 40541e FindClose 14429->14430 14431 405429 14429->14431 14430->14431 14431->14414 14433 405526 __EH_prolog 14432->14433 14434 403bdf 30 API calls 14433->14434 14435 405584 14434->14435 14436 403bca 31 API calls 14435->14436 14437 405592 14436->14437 14438 401daf 30 API calls 14437->14438 14439 40559f 14438->14439 14440 403a63 ctype 29 API calls 14439->14440 14441 4055a7 14440->14441 14442 403a63 ctype 29 API calls 14441->14442 14443 40548b 14442->14443 14443->14418 14445 4054fb 14444->14445 14446 401d50 30 API calls 14445->14446 14447 405518 14446->14447 14447->14418 14451 405ab1 14448->14451 14452 405892 34 API calls 14451->14452 14453 405acb 14452->14453 14453->14346 14454->14017 14456 40218d 30 API calls 14455->14456 14457 40804f 14456->14457 14457->14025 14459 407d97 __EH_prolog 14458->14459 14460 401cb5 30 API calls 14459->14460 14474 407dee 14459->14474 14461 407dd3 14460->14461 14501 407ee9 14461->14501 14462 401cb5 30 API calls 14466 407dff 14462->14466 14463 407e9f 14465 404349 ctype 34 API calls 14463->14465 14469 407eae 14465->14469 14470 407ee9 35 API calls 14466->14470 14467 401c9d 30 API calls 14483 407e1a 14467->14483 14472 404320 ctype 34 API calls 14469->14472 14473 407e0e 14470->14473 14471 403a63 ctype 29 API calls 14471->14474 14475 407eba 14472->14475 14476 403a63 ctype 29 API calls 14473->14476 14474->14462 14474->14483 14477 404349 ctype 34 API calls 14475->14477 14476->14483 14479 407ecc 14477->14479 14478 401daf 30 API calls 14478->14483 14480 404320 ctype 34 API calls 14479->14480 14481 407ed8 14480->14481 14481->14025 14483->14463 14483->14467 14483->14478 14484 403a63 29 API calls ctype 14483->14484 14514 40806e 14483->14514 14484->14483 14486 4080d9 __EH_prolog 14485->14486 14487 403a3d 30 API calls 14486->14487 14488 4080e4 14487->14488 14489 4080fb 14488->14489 14554 408116 14488->14554 14490 40a528 30 API calls 14489->14490 14492 408107 14490->14492 14492->14025 14494 4020b9 __EH_prolog 14493->14494 14495 404349 ctype 34 API calls 14494->14495 14496 4020dd 14495->14496 14497 404320 ctype 34 API calls 14496->14497 14498 4020e8 14497->14498 14499 403a63 ctype 29 API calls 14498->14499 14500 4020f0 14499->14500 14500->14025 14502 407ef3 __EH_prolog 14501->14502 14503 404349 ctype 34 API calls 14502->14503 14504 407f05 14503->14504 14505 40218d 30 API calls 14504->14505 14510 407f1a 14505->14510 14506 407f76 14507 403a63 ctype 29 API calls 14506->14507 14509 407de2 14507->14509 14508 407f65 14508->14506 14512 403981 30 API calls 14508->14512 14509->14471 14510->14506 14510->14508 14511 401ded 30 API calls 14510->14511 14524 403981 14510->14524 14511->14510 14512->14506 14515 408078 __EH_prolog 14514->14515 14516 403a3d 30 API calls 14515->14516 14517 408084 14516->14517 14518 4080ae 14517->14518 14519 401d16 30 API calls 14517->14519 14520 40a528 30 API calls 14518->14520 14521 40809e 14519->14521 14522 4080bf 14520->14522 14523 401d16 30 API calls 14521->14523 14522->14483 14523->14518 14525 40398b __EH_prolog 14524->14525 14526 403a3d 30 API calls 14525->14526 14527 403996 14526->14527 14528 4039ad 14527->14528 14529 401d16 30 API calls 14527->14529 14532 40a528 14528->14532 14529->14528 14535 404372 14532->14535 14536 4039b9 14535->14536 14537 40437a 14535->14537 14536->14510 14539 40439a 14537->14539 14540 40443e 14539->14540 14541 4043ae 14539->14541 14540->14536 14542 4043cb 14541->14542 14551 413b0d RaiseException 14541->14551 14544 4043f2 14542->14544 14552 413b0d RaiseException 14542->14552 14546 40441a 14544->14546 14548 403a3d 30 API calls 14544->14548 14547 403a63 ctype 29 API calls 14546->14547 14547->14540 14549 4043fe 14548->14549 14549->14546 14553 413b0d RaiseException 14549->14553 14551->14542 14552->14544 14553->14546 14555 408120 __EH_prolog 14554->14555 14556 401d16 30 API calls 14555->14556 14557 408147 14556->14557 14560 40816f 14557->14560 14561 408179 __EH_prolog 14560->14561 14562 404349 ctype 34 API calls 14561->14562 14563 4081a0 14562->14563 14566 4081bb 14563->14566 14567 40439a 30 API calls 14566->14567 14570 4081d3 14567->14570 14568 408157 14568->14489 14569 40806e 30 API calls 14569->14570 14570->14568 14570->14569 14572 403369 __EH_prolog 14571->14572 14573 40218d 30 API calls 14572->14573 14574 403385 14573->14574 14575 40218d 30 API calls 14574->14575 14576 40339a 14575->14576 14577 40218d 30 API calls 14576->14577 14578 402f27 14577->14578 14578->14036 14580 403106 __EH_prolog 14579->14580 14581 401c9d 30 API calls 14580->14581 14582 403116 14581->14582 14583 405620 37 API calls 14582->14583 14584 403126 14583->14584 14585 40312a 14584->14585 14588 403141 14584->14588 14586 401d50 30 API calls 14585->14586 14587 403138 14586->14587 14589 403a63 ctype 29 API calls 14587->14589 14671 408d5e 14588->14671 14622 4031aa 14589->14622 14592 404320 ctype 34 API calls 14593 40318f 14592->14593 14594 403194 14593->14594 14595 4031af 14593->14595 14597 401d50 30 API calls 14594->14597 14596 401d16 30 API calls 14595->14596 14598 4031bb 14596->14598 14597->14587 14599 405bad 30 API calls 14598->14599 14600 4031c7 14599->14600 14706 404a3e 14600->14706 14603 403213 14605 401cb5 30 API calls 14603->14605 14604 4031d3 14833 4092e6 14604->14833 14607 403220 14605->14607 14741 402686 14607->14741 14613 403a63 ctype 29 API calls 14615 403252 14613->14615 14748 40b98f 14615->14748 14797 40bff7 14615->14797 14618 40326d 14620 403a63 ctype 29 API calls 14618->14620 14623 403278 14620->14623 14622->14049 14628 40347d __EH_prolog 14627->14628 14629 403a63 ctype 29 API calls 14628->14629 14630 403493 14629->14630 16091 403405 14630->16091 14633 403a63 ctype 29 API calls 14634 4034b5 14633->14634 14635 403a63 ctype 29 API calls 14634->14635 14636 401580 14635->14636 14636->13545 14636->13546 14638 4034d6 __EH_prolog 14637->14638 14639 40218d 30 API calls 14638->14639 14640 403508 14639->14640 14641 40218d 30 API calls 14640->14641 14642 40351e 14641->14642 14643 40218d 30 API calls 14642->14643 14644 403534 14643->14644 14645 40218d 30 API calls 14644->14645 14646 40354d 14645->14646 16101 40358f 14646->16101 14649 40218d 30 API calls 14650 403572 14649->14650 14650->14043 16120 41468e 14651->16120 14654 413013 14654->14048 14655 413018 GetLastError 14656 413022 14655->14656 14656->14048 14658 403090 __EH_prolog 14657->14658 14659 401daf 30 API calls 14658->14659 14660 4030a5 14659->14660 16192 4060e5 14660->16192 14664 4030bd 14665 405ed1 33 API calls 14664->14665 14666 4030c8 14665->14666 16212 405eeb 14666->16212 14669 403a63 ctype 29 API calls 14670 4030de ShowWindow 14669->14670 14670->14068 14672 408d68 __EH_prolog 14671->14672 14673 403a3d 30 API calls 14672->14673 14674 408d82 14673->14674 14675 408d94 14674->14675 14899 408f0b 14674->14899 14677 40218d 30 API calls 14675->14677 14678 408dcb 14677->14678 14679 40218d 30 API calls 14678->14679 14680 408de2 14679->14680 14688 408e11 14680->14688 14841 405039 14680->14841 14686 408e65 14690 402635 30 API calls 14686->14690 14687 408e3e 14689 403a63 ctype 29 API calls 14687->14689 14873 40888f 14688->14873 14691 408e46 14689->14691 14692 408e74 14690->14692 14693 403a63 ctype 29 API calls 14691->14693 14694 403981 30 API calls 14692->14694 14704 403181 14693->14704 14695 408e81 14694->14695 14696 403a63 ctype 29 API calls 14695->14696 14700 408e8d 14696->14700 14697 408ec6 14699 403a63 ctype 29 API calls 14697->14699 14698 402635 30 API calls 14698->14700 14701 408ee0 14699->14701 14700->14697 14700->14698 14702 403981 30 API calls 14700->14702 14705 403a63 ctype 29 API calls 14700->14705 14703 403a63 ctype 29 API calls 14701->14703 14702->14700 14703->14704 14704->14592 14705->14700 14707 404a48 __EH_prolog 14706->14707 14708 401cb5 30 API calls 14707->14708 14711 404a56 14708->14711 14709 401d16 30 API calls 14734 404ab4 14709->14734 14710 4049f4 33 API calls 14710->14734 14711->14709 14715 404a96 14711->14715 14712 404acb GetLastError 14716 404b47 14712->14716 14712->14734 14713 404b9e 14714 401daf 30 API calls 14713->14714 14732 404bab 14714->14732 14720 403a63 ctype 29 API calls 14715->14720 14718 401c9d 30 API calls 14716->14718 14717 404c00 14721 403a63 ctype 29 API calls 14717->14721 14719 404b4f 14718->14719 14722 405620 37 API calls 14719->14722 14723 4031cf 14720->14723 14721->14715 14724 404b5e 14722->14724 14723->14603 14723->14604 14725 404b62 14724->14725 14726 404b92 14724->14726 14727 403a63 ctype 29 API calls 14725->14727 14729 403a63 ctype 29 API calls 14726->14729 14730 404b7a 14727->14730 14728 401e6f 30 API calls 14728->14732 14729->14713 14733 403a63 ctype 29 API calls 14730->14733 14731 401e6f 30 API calls 14731->14734 14732->14717 14732->14728 14735 4049f4 33 API calls 14732->14735 14739 403a63 ctype 29 API calls 14732->14739 14736 404b82 14733->14736 14734->14710 14734->14712 14734->14713 14734->14717 14734->14731 14737 401daf 30 API calls 14734->14737 14740 403a63 ctype 29 API calls 14734->14740 14735->14732 14738 403a63 ctype 29 API calls 14736->14738 14737->14734 14738->14723 14739->14732 14740->14734 14742 401daf 30 API calls 14741->14742 14743 4026ad 14742->14743 14744 401daf 30 API calls 14743->14744 14745 4026d9 14744->14745 14746 405bad 30 API calls 14745->14746 14747 4026e0 14746->14747 14747->14613 14760 40b999 __EH_prolog 14748->14760 14749 40bb14 14751 40bb56 14749->14751 14752 40bb29 14749->14752 14756 403a3d 30 API calls 14751->14756 14753 404349 ctype 34 API calls 14752->14753 14755 40bb3c 14753->14755 14754 40c233 35 API calls 14754->14760 14786 40bb7a 14756->14786 14759 404320 34 API calls ctype 14759->14760 14760->14749 14760->14754 14760->14759 14774 40b9e9 14760->14774 15514 40c0d4 14760->15514 15520 40c047 14760->15520 15524 40c1d9 14760->15524 14762 40bbe2 14763 40bc3e 14765 403a3d 30 API calls 14765->14786 14774->14618 14776 40bd0b 14783 40c820 62 API calls 14783->14786 14784 40beb9 14785 40be1f 14786->14762 14786->14763 14786->14765 14786->14774 14786->14776 14786->14783 14786->14784 14786->14785 14787 40be7b 14786->14787 14790 40bf1c 14786->14790 15403 40c50e 14786->15403 15407 40ab05 14786->15407 15533 40c3ae 14786->15533 14813 40bbbd 14797->14813 14798 40bbe2 14800 40c146 34 API calls 14798->14800 14799 40bc3e 14803 40c146 34 API calls 14799->14803 14802 40bc02 14800->14802 14801 403a3d 30 API calls 14801->14813 14804 404349 ctype 34 API calls 14802->14804 14805 40bc59 14803->14805 14808 40c1fb ctype 34 API calls 14805->14808 14807 40c3ae 30 API calls 14807->14813 14810 40bc21 14808->14810 14810->14618 14811 40c50e 62 API calls 14811->14813 14812 40bd0b 14814 40c146 34 API calls 14812->14814 14813->14798 14813->14799 14813->14801 14813->14807 14813->14810 14813->14811 14813->14812 14816 40ab05 96 API calls 14813->14816 14820 40c820 62 API calls 14813->14820 14821 40beb9 14813->14821 14822 40be1f 14813->14822 14823 40be7b 14813->14823 14826 40bf1c 14813->14826 14815 40bd3c 14814->14815 14817 404349 ctype 34 API calls 14815->14817 14816->14813 14818 40bd4f 14817->14818 14820->14813 14824 40c146 34 API calls 14821->14824 14827 40c146 34 API calls 14822->14827 14828 40c146 34 API calls 14823->14828 14825 40be49 14824->14825 14829 404349 ctype 34 API calls 14825->14829 14830 40c146 34 API calls 14826->14830 14827->14825 14828->14825 14830->14825 14834 4092f0 __EH_prolog 14833->14834 14835 405ed1 33 API calls 14834->14835 14836 409302 14835->14836 16077 409273 14836->16077 14842 405043 __EH_prolog 14841->14842 14907 404e2e 14842->14907 14845 405066 14847 401e6f 30 API calls 14845->14847 14858 4050d9 14845->14858 14846 401d50 30 API calls 14846->14845 14848 40509d 14847->14848 14849 401daf 30 API calls 14848->14849 14850 4050a9 14849->14850 14851 403a63 ctype 29 API calls 14850->14851 14852 4050b5 14851->14852 14853 401e4e 30 API calls 14852->14853 14854 4050c2 14853->14854 14855 401daf 30 API calls 14854->14855 14856 4050d1 14855->14856 14857 403a63 ctype 29 API calls 14856->14857 14857->14858 14859 409070 14858->14859 14860 40907a __EH_prolog 14859->14860 14861 401daf 30 API calls 14860->14861 14862 40908f 14861->14862 14863 402635 30 API calls 14862->14863 14864 40909c 14863->14864 14865 405620 37 API calls 14864->14865 14866 4090ab 14865->14866 14867 403a63 ctype 29 API calls 14866->14867 14868 4090bf 14867->14868 14869 4090d9 14868->14869 14927 413b0d RaiseException 14868->14927 14871 404349 ctype 34 API calls 14869->14871 14872 4090e1 14871->14872 14872->14688 14896 408899 __EH_prolog 14873->14896 14874 408b4f 14877 405cd6 VariantClear 14874->14877 14875 401daf 30 API calls 14875->14896 14876 408cc9 14879 405cd6 VariantClear 14876->14879 14888 4088b5 14877->14888 14879->14888 14880 408b3c 15038 4038ab 14880->15038 14882 409177 30 API calls 14882->14896 14884 408cf4 30 API calls 14884->14896 14886 408b62 14887 4038ab 29 API calls 14886->14887 14887->14888 14888->14686 14888->14687 14890 408ba9 14893 4038ab 29 API calls 14890->14893 14891 408c02 14894 4038ab 29 API calls 14891->14894 14893->14888 14894->14888 14895 408c5a 14897 4038ab 29 API calls 14895->14897 14896->14874 14896->14875 14896->14876 14896->14880 14896->14882 14896->14884 14896->14886 14896->14888 14896->14890 14896->14891 14896->14895 14898 4038ab 29 API calls 14896->14898 14928 408755 14896->14928 14941 405cd6 14896->14941 14945 4081f4 14896->14945 14970 4083ab 14896->14970 15034 408313 14896->15034 14897->14888 14898->14896 14900 408f15 __EH_prolog 14899->14900 14901 40218d 30 API calls 14900->14901 14902 408f48 14901->14902 14903 404d82 30 API calls 14902->14903 14904 408f53 14903->14904 14905 40218d 30 API calls 14904->14905 14906 408f69 14905->14906 14906->14675 14908 404e38 __EH_prolog 14907->14908 14909 404e59 14908->14909 14910 404edd GetFullPathNameW 14908->14910 14911 403b85 31 API calls 14909->14911 14912 404f02 14910->14912 14913 404ed9 14910->14913 14914 404e6c GetFullPathNameA 14911->14914 14912->14913 14916 401d50 30 API calls 14912->14916 14913->14845 14913->14846 14915 403a63 ctype 29 API calls 14914->14915 14917 404e8f 14915->14917 14916->14913 14917->14913 14918 403bdf 30 API calls 14917->14918 14919 404eaf 14918->14919 14920 403bca 31 API calls 14919->14920 14921 404ebd 14920->14921 14922 401daf 30 API calls 14921->14922 14923 404ec9 14922->14923 14924 403a63 ctype 29 API calls 14923->14924 14925 404ed1 14924->14925 14926 403a63 ctype 29 API calls 14925->14926 14926->14913 14927->14869 14929 40875f __EH_prolog 14928->14929 14930 40877a 14929->14930 14931 40879e 14929->14931 14932 403a3d 30 API calls 14930->14932 14933 408781 14931->14933 14935 403a3d 30 API calls 14931->14935 14932->14933 14934 4083ab 101 API calls 14933->14934 14936 40880c 14934->14936 14937 4087aa 14935->14937 14936->14896 14938 405a0f 34 API calls 14937->14938 14939 4087e4 14938->14939 14939->14933 14940 4087e8 GetLastError 14939->14940 14940->14936 14942 405cdb 14941->14942 14943 405d13 14942->14943 14944 405cfc VariantClear 14942->14944 14943->14896 14944->14896 14946 4081fe __EH_prolog 14945->14946 14947 40822a 14946->14947 14948 40823d 14946->14948 14949 405cd6 VariantClear 14947->14949 14950 408253 14948->14950 14951 408244 14948->14951 14968 408236 14949->14968 14953 4082f1 14950->14953 14954 408251 14950->14954 14952 401d50 30 API calls 14951->14952 14952->14954 14955 405cd6 VariantClear 14953->14955 14956 405cd6 VariantClear 14954->14956 14955->14968 14957 408274 14956->14957 14958 401daf 30 API calls 14957->14958 14957->14968 14959 408284 14958->14959 14960 4082a8 14959->14960 14961 4082b3 14959->14961 14962 4082d6 14959->14962 14965 405cd6 VariantClear 14960->14965 14963 401ded 30 API calls 14961->14963 14962->14960 14964 4082c6 14962->14964 14966 4082bc 14963->14966 14967 405cd6 VariantClear 14964->14967 14965->14968 14969 4048ab 30 API calls 14966->14969 14967->14968 14968->14896 14969->14964 14971 4083b5 __EH_prolog 14970->14971 15045 4045d0 14971->15045 14974 40218d 30 API calls 14976 4083f7 14974->14976 14975 40844b 14977 408466 14975->14977 14989 408476 14975->14989 14976->14975 14981 401e4e 30 API calls 14976->14981 14979 40a528 30 API calls 14977->14979 14978 4084c3 14984 40435e ctype 34 API calls 14978->14984 14996 408471 14978->14996 15025 4084cf 14978->15025 14979->14996 14982 408432 14981->14982 14983 401daf 30 API calls 14982->14983 14986 40843f 14983->14986 14984->14996 14990 403a63 ctype 29 API calls 14986->14990 14987 40a528 30 API calls 14987->14989 14988 404320 ctype 34 API calls 14991 4085c9 14988->14991 14989->14978 14989->14987 15083 407d59 14989->15083 15087 40447a 14989->15087 14990->14975 14992 403a63 ctype 29 API calls 14991->14992 14993 4085d1 14992->14993 14994 403a63 ctype 29 API calls 14993->14994 14995 4085d9 14994->14995 14995->14896 14997 4085f2 14996->14997 15001 408628 14996->15001 14996->15025 15049 40647d 14996->15049 15055 40cf82 14996->15055 15075 40dd29 14996->15075 14998 404320 ctype 34 API calls 14997->14998 14999 40860f 14998->14999 15000 403a63 ctype 29 API calls 14999->15000 15003 408617 15000->15003 15002 40867f 15001->15002 15006 401d50 30 API calls 15001->15006 15001->15025 15004 405cd6 VariantClear 15002->15004 15005 403a63 ctype 29 API calls 15003->15005 15007 40868b 15004->15007 15005->14995 15006->15002 15008 408700 15007->15008 15009 4086a4 15007->15009 15010 407d59 5 API calls 15008->15010 15011 401cb5 30 API calls 15009->15011 15012 40870b 15010->15012 15013 4086b2 15011->15013 15015 407bd5 35 API calls 15012->15015 15014 401cb5 30 API calls 15013->15014 15016 4086bf 15014->15016 15017 408727 15015->15017 15090 407bd5 15016->15090 15019 401daf 30 API calls 15017->15019 15021 408734 15019->15021 15023 403a63 ctype 29 API calls 15021->15023 15022 401daf 30 API calls 15024 4086e3 15022->15024 15023->15025 15025->14988 15035 40831d __EH_prolog 15034->15035 15036 405cd6 VariantClear 15035->15036 15037 408398 15036->15037 15037->14896 15039 403a63 ctype 29 API calls 15038->15039 15040 4038b6 15039->15040 15041 403a63 ctype 29 API calls 15040->15041 15042 4038be 15041->15042 15043 403a63 ctype 29 API calls 15042->15043 15044 4038c6 15043->15044 15044->14888 15048 4045e0 15045->15048 15046 401e4e 30 API calls 15047 404605 15046->15047 15047->14974 15048->15046 15050 406486 15049->15050 15051 40648d 15049->15051 15050->14996 15100 405970 SetFilePointer 15051->15100 15056 40cf8c __EH_prolog 15055->15056 15057 40dd29 34 API calls 15056->15057 15058 40cfdf 15057->15058 15059 40cfe5 15058->15059 15060 40d006 15058->15060 15111 40d0a6 15059->15111 15107 40f6e0 15060->15107 15064 40d038 15065 40d019 15074 40cff1 15074->14996 15076 40dd3b 15075->15076 15081 40647d 3 API calls 15076->15081 15077 40dd4f 15078 40dd86 15077->15078 15082 40647d 3 API calls 15077->15082 15078->14996 15079 40dd63 15079->15078 15349 40db62 15079->15349 15081->15077 15082->15079 15085 407d81 15083->15085 15086 407d64 15083->15086 15084 403b38 ctype 5 API calls 15084->15086 15085->14989 15086->15084 15086->15085 15088 404372 30 API calls 15087->15088 15089 404482 15088->15089 15089->14989 15091 407bdf __EH_prolog 15090->15091 15368 407c28 15091->15368 15094 40237b 30 API calls 15095 407c03 15094->15095 15096 401d16 30 API calls 15095->15096 15097 407c0e 15096->15097 15098 403a63 ctype 29 API calls 15097->15098 15099 407c16 15098->15099 15099->15022 15101 4059a3 15100->15101 15102 405999 GetLastError 15100->15102 15103 4063ff 15101->15103 15102->15101 15104 406403 15103->15104 15105 406406 GetLastError 15103->15105 15104->15050 15106 406410 15105->15106 15106->15050 15108 40f6ea __EH_prolog 15107->15108 15143 40f449 15108->15143 15112 40d0b0 __EH_prolog 15111->15112 15113 404349 ctype 34 API calls 15112->15113 15114 40d0d4 15113->15114 15115 404320 ctype 34 API calls 15114->15115 15116 40d0df 15115->15116 15116->15074 15144 40f453 __EH_prolog 15143->15144 15183 40d14e 15144->15183 15148 40f495 15149 40d91e RaiseException 15148->15149 15151 40f4ca 15148->15151 15149->15151 15150 40d012 15150->15064 15150->15065 15151->15150 15182 40647d 3 API calls 15151->15182 15152 40f53d 15152->15150 15182->15152 15184 40d1a9 34 API calls 15183->15184 15185 40d156 15184->15185 15186 404349 ctype 34 API calls 15185->15186 15187 40d161 15186->15187 15188 404349 ctype 34 API calls 15187->15188 15189 40d16c 15188->15189 15190 404349 ctype 34 API calls 15189->15190 15191 40d177 15190->15191 15192 404349 ctype 34 API calls 15191->15192 15193 40d182 15192->15193 15194 404349 ctype 34 API calls 15193->15194 15195 40d18d 15194->15195 15195->15148 15341 40d91e 15195->15341 15342 413b0d RaiseException 15341->15342 15343 40d936 15342->15343 15344 40d946 15343->15344 15345 40d91e RaiseException 15343->15345 15344->15148 15345->15344 15350 40db6c __EH_prolog 15349->15350 15351 407689 2 API calls 15350->15351 15353 40db83 15351->15353 15352 40db98 15352->15078 15353->15352 15354 4075ef 30 API calls 15353->15354 15359 40dbbc ctype 15354->15359 15355 40dc78 15356 403a63 ctype 29 API calls 15355->15356 15356->15352 15357 40dc8d 15358 403a63 ctype 29 API calls 15357->15358 15358->15352 15359->15355 15359->15357 15360 40dc90 15359->15360 15363 4063d0 15359->15363 15361 40647d 3 API calls 15360->15361 15361->15357 15364 405a4a ReadFile 15363->15364 15365 4063e8 15364->15365 15366 4063ff GetLastError 15365->15366 15367 4063fb 15366->15367 15367->15359 15370 407c32 __EH_prolog 15368->15370 15369 407d08 15371 407d11 15369->15371 15372 407d22 15369->15372 15373 401e4e 30 API calls 15370->15373 15375 407cb6 15370->15375 15374 40485a 30 API calls 15371->15374 15376 402635 30 API calls 15372->15376 15377 407c6e 15373->15377 15392 407bf7 15374->15392 15375->15369 15379 407ce1 15375->15379 15376->15392 15378 403b38 ctype 5 API calls 15377->15378 15380 407c7b 15378->15380 15381 401e6f 30 API calls 15379->15381 15382 403a63 ctype 29 API calls 15380->15382 15383 407ced 15381->15383 15384 407c8c 15382->15384 15385 402635 30 API calls 15383->15385 15384->15375 15386 407c91 15384->15386 15387 407cb1 15385->15387 15388 401e6f 30 API calls 15386->15388 15390 403a63 ctype 29 API calls 15387->15390 15389 407c9d 15388->15389 15391 402635 30 API calls 15389->15391 15390->15392 15391->15387 15392->15094 15515 40c0de __EH_prolog 15514->15515 15516 40c12c 15515->15516 15517 40439a 30 API calls 15515->15517 15516->14760 15518 40c123 15517->15518 15521 40c056 15520->15521 15523 40c05c 15520->15523 15521->14760 15523->15521 16076 413b0d RaiseException 15523->16076 15525 404372 30 API calls 15524->15525 15526 40c1e1 15525->15526 15526->14760 16076->15521 16078 40927d __EH_prolog 16077->16078 16079 401d16 30 API calls 16078->16079 16080 409290 16079->16080 16081 401cb5 30 API calls 16080->16081 16082 4092a1 16081->16082 16083 401e8b 30 API calls 16082->16083 16084 4092b4 16083->16084 16085 403a63 ctype 29 API calls 16084->16085 16086 4092c0 16085->16086 16087 401d16 30 API calls 16086->16087 16088 4092cc 16087->16088 16089 403a63 ctype 29 API calls 16088->16089 16092 40340f __EH_prolog 16091->16092 16093 404349 ctype 34 API calls 16092->16093 16094 40343b 16093->16094 16095 404320 ctype 34 API calls 16094->16095 16096 403446 16095->16096 16097 404349 ctype 34 API calls 16096->16097 16098 40345a 16097->16098 16099 404320 ctype 34 API calls 16098->16099 16100 403465 16099->16100 16100->14633 16102 403599 __EH_prolog 16101->16102 16103 40218d 30 API calls 16102->16103 16104 4035c6 16103->16104 16111 40364c 16104->16111 16108 4035fd 16109 403559 16108->16109 16118 413b0d RaiseException 16108->16118 16109->14649 16119 4130e0 InitializeCriticalSection 16111->16119 16113 4035da 16114 413070 CreateEventA 16113->16114 16115 413091 GetLastError 16114->16115 16116 41308e 16114->16116 16117 41309b 16115->16117 16116->16108 16117->16108 16118->16109 16119->16113 16121 416ccc 30 API calls 16120->16121 16124 41469e 16121->16124 16122 4146e1 16123 413d6f ctype 29 API calls 16122->16123 16125 4146e7 16123->16125 16124->16122 16126 4146ac CreateThread 16124->16126 16127 413009 16125->16127 16130 416c47 16125->16130 16126->16127 16128 4146d9 GetLastError 16126->16128 16150 4146f9 TlsGetValue 16126->16150 16127->14654 16127->14655 16128->16122 16147 416cc3 16130->16147 16133 416c80 16134 416cba 35 API calls 16133->16134 16136 416c85 16134->16136 16135 416c69 16137 416c90 16135->16137 16139 416c73 16135->16139 16136->16127 16138 416cad 16137->16138 16141 416ca0 16137->16141 16142 416cba 35 API calls 16138->16142 16140 416cba 35 API calls 16139->16140 16143 416c78 16140->16143 16144 416cba 35 API calls 16141->16144 16145 416cb2 16142->16145 16143->16127 16146 416ca5 16144->16146 16145->16127 16146->16127 16148 4152f3 35 API calls 16147->16148 16149 416c4d 16148->16149 16149->16133 16149->16135 16151 414731 16150->16151 16152 414746 TlsSetValue 16150->16152 16170 41535a 16151->16170 16155 414765 GetCurrentThreadId 16152->16155 16156 41475d 16152->16156 16159 414776 16155->16159 16157 4149dc ctype 7 API calls 16156->16157 16158 414764 16157->16158 16158->16155 16162 4147bf 16159->16162 16163 4147c8 16162->16163 16164 4152f3 35 API calls 16163->16164 16165 4147d0 16164->16165 16166 4147dd 16165->16166 16167 4149dc ctype 7 API calls 16165->16167 16168 41535a 31 API calls 16166->16168 16167->16166 16169 4147e4 ExitThread 16168->16169 16171 4153f9 16170->16171 16172 415368 16170->16172 16171->16152 16173 415371 TlsGetValue 16172->16173 16174 41537e 16172->16174 16173->16174 16175 4153ea TlsSetValue 16173->16175 16176 41538b 16174->16176 16177 413d6f ctype 29 API calls 16174->16177 16175->16171 16178 413d6f ctype 29 API calls 16176->16178 16181 415399 16176->16181 16177->16176 16178->16181 16179 4153b5 16184 4153c3 16179->16184 16185 413d6f ctype 29 API calls 16179->16185 16180 4153a7 16180->16179 16183 413d6f ctype 29 API calls 16180->16183 16181->16180 16182 413d6f ctype 29 API calls 16181->16182 16182->16180 16183->16179 16186 4153d1 16184->16186 16187 413d6f ctype 29 API calls 16184->16187 16185->16184 16188 4153e2 16186->16188 16190 413d6f ctype 29 API calls 16186->16190 16187->16186 16189 413d6f ctype 29 API calls 16188->16189 16191 4153e9 16189->16191 16190->16188 16191->16175 16193 4060ef __EH_prolog 16192->16193 16194 406100 DialogBoxParamW 16193->16194 16195 40611a 16193->16195 16201 4030b3 16194->16201 16196 40245b 30 API calls 16195->16196 16197 40612d 16196->16197 16198 406174 DialogBoxParamA 16197->16198 16200 401cb5 30 API calls 16197->16200 16199 403a63 ctype 29 API calls 16198->16199 16199->16201 16202 406143 16200->16202 16211 412fe0 WaitForSingleObject 16201->16211 16203 401a66 31 API calls 16202->16203 16204 406152 16203->16204 16224 405f5d 16204->16224 16207 403a63 ctype 29 API calls 16208 406167 16207->16208 16209 403a63 ctype 29 API calls 16208->16209 16210 40616f 16209->16210 16210->16198 16211->14664 16213 405ef5 __EH_prolog 16212->16213 16214 405f16 16213->16214 16215 405f07 SetWindowTextW 16213->16215 16217 401cb5 30 API calls 16214->16217 16216 4030d6 16215->16216 16216->14669 16218 405f1e 16217->16218 16219 403d8e 31 API calls 16218->16219 16220 405f2d SetWindowTextA 16219->16220 16221 403a63 ctype 29 API calls 16220->16221 16222 405f43 16221->16222 16223 403a63 ctype 29 API calls 16222->16223 16223->16216 16225 405f69 16224->16225 16227 405f7a 16224->16227 16226 40245b 30 API calls 16225->16226 16226->16227 16227->16207 16229 4023c5 16228->16229 16230 4023de 16229->16230 16232 40257d 16229->16232 16230->14101 16233 40258d 16232->16233 16237 403fd0 __EH_prolog 16236->16237 16238 40245b 30 API calls 16237->16238 16239 403ff3 16238->16239 16240 404024 16239->16240 16242 401f02 30 API calls 16239->16242 16241 403dae 30 API calls 16240->16241 16243 404030 16241->16243 16242->16239 16244 403a63 ctype 29 API calls 16243->16244 16245 404038 16244->16245 16245->14129 16247 404152 __EH_prolog 16246->16247 16248 403a3d 30 API calls 16247->16248 16249 40415e 16248->16249 16250 401d16 30 API calls 16249->16250 16255 404188 16249->16255 16251 404178 16250->16251 16253 401d16 30 API calls 16251->16253 16252 40a528 30 API calls 16254 404199 16252->16254 16253->16255 16254->14129 16255->16252 16257 403a63 ctype 29 API calls 16256->16257 16258 402167 16257->16258 16259 403a63 ctype 29 API calls 16258->16259 16260 40216e 16259->16260 16260->14129 16262 405e0a __EH_prolog 16261->16262 16263 405e21 16262->16263 16264 405e9a 16262->16264 16266 40218d 30 API calls 16263->16266 16277 405d5e 16264->16277 16268 405e35 16266->16268 16271 405e54 LoadStringW 16268->16271 16272 40218d 30 API calls 16268->16272 16270 405e95 16274 403a63 ctype 29 API calls 16270->16274 16271->16268 16273 405e6d 16271->16273 16272->16271 16275 401d16 30 API calls 16273->16275 16276 4015a1 16274->16276 16275->16270 16276->13568 16278 405d68 __EH_prolog 16277->16278 16279 40245b 30 API calls 16278->16279 16280 405d8b 16279->16280 16281 405daa LoadStringA 16280->16281 16282 40245b 30 API calls 16280->16282 16281->16280 16283 405dc3 16281->16283 16282->16281 16284 403dae 30 API calls 16283->16284 16285 405de4 16284->16285 16286 403a63 ctype 29 API calls 16285->16286 16287 405dec 16286->16287 16288 404845 16287->16288 16289 403c26 31 API calls 16288->16289 16290 404855 16289->16290 16290->16270 16420 416b2d 16411->16420 16414 416a99 GetCurrentProcess TerminateProcess 16417 416aaa 16414->16417 16415 416b14 16423 416b36 16415->16423 16416 416b1b ExitProcess 16417->16415 16417->16416 16421 4154da ctype 29 API calls 16420->16421 16422 416a8e 16421->16422 16422->16414 16422->16417 16426 41553b LeaveCriticalSection 16423->16426 16425 4149bd 16425->13773 16426->16425 16427 416a88 16428 416b2d 29 API calls 16427->16428 16429 416a8e 16428->16429 16430 416a99 GetCurrentProcess TerminateProcess 16429->16430 16433 416aaa 16429->16433 16430->16433 16431 416b14 16434 416b36 LeaveCriticalSection 16431->16434 16432 416b1b ExitProcess 16433->16431 16433->16432 16435 416b19 16434->16435 16436 40c90c 16437 40c919 16436->16437 16438 40c92a 16436->16438 16437->16438 16442 40c931 16437->16442 16441 403a63 ctype 29 API calls 16441->16438 16443 40c93b __EH_prolog 16442->16443 16446 40c96c 16443->16446 16447 40c976 __EH_prolog 16446->16447 16448 404320 ctype 34 API calls 16447->16448 16449 40c98f 16448->16449 16450 404320 ctype 34 API calls 16449->16450 16451 40c99e 16450->16451 16452 404320 ctype 34 API calls 16451->16452 16453 40c9ad 16452->16453 16454 404320 ctype 34 API calls 16453->16454 16455 40c9bc 16454->16455 16456 404320 ctype 34 API calls 16455->16456 16457 40c9cb 16456->16457 16460 40c9e3 16457->16460 16461 40c9ed __EH_prolog 16460->16461 16462 404320 ctype 34 API calls 16461->16462 16463 40ca08 16462->16463 16464 404320 ctype 34 API calls 16463->16464 16465 40ca1d 16464->16465 16466 404320 ctype 34 API calls 16465->16466 16467 40ca28 16466->16467 16468 404320 ctype 34 API calls 16467->16468 16469 40ca3d 16468->16469 16470 404320 ctype 34 API calls 16469->16470 16471 40ca48 16470->16471 16472 404320 ctype 34 API calls 16471->16472 16473 40ca5d 16472->16473 16474 404320 ctype 34 API calls 16473->16474 16475 40ca68 16474->16475 16476 404320 ctype 34 API calls 16475->16476 16477 40ca7a 16476->16477 16478 404320 ctype 34 API calls 16477->16478 16479 40ca85 16478->16479 16480 404349 ctype 34 API calls 16479->16480 16481 40ca9c 16480->16481 16482 404320 ctype 34 API calls 16481->16482 16483 40caa7 16482->16483 16484 404320 ctype 34 API calls 16483->16484 16485 40cab3 16484->16485 16486 404349 ctype 34 API calls 16485->16486 16487 40caca 16486->16487 16488 404320 ctype 34 API calls 16487->16488 16489 40cad5 16488->16489 16490 404320 ctype 34 API calls 16489->16490 16491 40cae1 16490->16491 16492 404320 ctype 34 API calls 16491->16492 16493 40caed 16492->16493 16494 404320 ctype 34 API calls 16493->16494 16495 40c924 16494->16495 16495->16441 16496 4068fd 16497 40690a 16496->16497 16498 40691b 16496->16498 16497->16498 16502 406922 16497->16502 16501 403a63 ctype 29 API calls 16501->16498 16503 40692c __EH_prolog 16502->16503 16506 410f60 16503->16506 16507 406915 16506->16507 16508 410f64 VirtualFree 16506->16508 16507->16501 16508->16507

                                                                                                                                                                                Executed Functions

                                                                                                                                                                                Function 004148D4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 81COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetVersion.KERNEL32 ref: 004148FA
                                                                                                                                                                                  • Part of subcall function 004157C8: HeapCreate.KERNELBASE(00000000,00001000,00000000,00414932,00000001), ref: 004157D9
                                                                                                                                                                                  • Part of subcall function 004157C8: HeapDestroy.KERNEL32 ref: 00415818
                                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 0041495A
                                                                                                                                                                                • GetStartupInfoA.KERNEL32(?), ref: 00414985
                                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004149A8
                                                                                                                                                                                  • Part of subcall function 00414A01: ExitProcess.KERNEL32 ref: 00414A1E
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                                                                                                                                                • String ID: 'Z$`&
                                                                                                                                                                                • API String ID: 2057626494-422609216
                                                                                                                                                                                • Opcode ID: d0b0bc6d91067fd433c2cc4b1856fc531dfd5f25a3beb9f48f66dbad23e013fe
                                                                                                                                                                                • Instruction ID: fb65514f2d73941f5fb5fe300876562abb5c146ee9b99336205dd39c2cb12ef3
                                                                                                                                                                                • Opcode Fuzzy Hash: d0b0bc6d91067fd433c2cc4b1856fc531dfd5f25a3beb9f48f66dbad23e013fe
                                                                                                                                                                                • Instruction Fuzzy Hash: BD219EB19407159FDB14EFB6DC46AEE7BB8EF44704F10412FF910AB291DB3C89818A58
                                                                                                                                                                                Function 00405434 Relevance: 3.0, APIs: 2, Instructions: 44fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00405414: FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F
                                                                                                                                                                                • FindFirstFileW.KERNELBASE(?,?,000000FF), ref: 00405497
                                                                                                                                                                                  • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?,000000FF), ref: 00405467
                                                                                                                                                                                  • Part of subcall function 0040551C: __EH_prolog.LIBCMT ref: 00405521
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$FileFirstH_prolog$Close
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3335342080-0
                                                                                                                                                                                • Opcode ID: 01ff4a9bc94c78cd279a0d863a54892268cf469c718bfc53d66ce16def007dff
                                                                                                                                                                                • Instruction ID: 44fa9ff84b7e7cb6f1e8d7f9ea47a8a098aa0700a3472251c04f15a334366322
                                                                                                                                                                                • Opcode Fuzzy Hash: 01ff4a9bc94c78cd279a0d863a54892268cf469c718bfc53d66ce16def007dff
                                                                                                                                                                                • Instruction Fuzzy Hash: 33014830401505ABCF20AF64DC456EE7779DF51329F20827AE855672D1D73C9A85CF98
                                                                                                                                                                                Function 00401014 Relevance: 48.0, APIs: 8, Strings: 19, Instructions: 715windowsynchronizationCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 0 401014-40111e call 401a7b call 40218d * 4 GetCommandLineW call 401cb5 call 4038d7 call 403a63 call 40218d call 40460b call 40237b call 402340 call 401cb5 call 401e6f call 403b38 call 403a63 * 2 35 401120-40114f call 401e4e call 401daf call 403a63 call 40237b call 402340 0->35 36 401154-40117e call 40245b call 401b11 0->36 35->36 45 401180-401183 36->45 46 401199-4011c5 call 401cb5 call 40218d 36->46 48 401191-401194 45->48 49 401185-40118c call 410ec0 45->49 62 4014b2-4014d6 call 401c9d call 4052cf 46->62 63 4011cb-4011f0 call 402172 call 403de4 46->63 53 401a27-401a5a call 403a63 * 6 48->53 49->48 113 401a5d 53->113 80 4014f1-4014fd call 403a3d 62->80 81 4014d8-4014db 62->81 77 4011f2-4011f5 63->77 78 40120b-40129a call 401cb5 call 4040fd call 403a63 call 401cb5 call 4040fd call 403a63 call 401cb5 call 4040fd call 403a63 call 403b38 63->78 82 401203-401206 77->82 83 4011f7-4011fe call 410ec0 77->83 192 4012a2-4012ca call 401cb5 call 4040cb call 403a63 78->192 193 40129c 78->193 100 401512 80->100 101 4014ff-401510 call 401f2a 80->101 85 4014e9-4014ec 81->85 86 4014dd-4014e4 call 410ec0 81->86 90 40132c-401395 call 404349 call 404320 call 403a63 * 8 82->90 83->82 94 4019fb-401a24 call 40536a call 403a63 * 3 85->94 86->85 90->113 94->53 103 401514-401516 100->103 101->103 109 401518-40151a 103->109 110 40151e-401527 call 407f8e 103->110 109->110 126 401529-401535 call 410ec0 110->126 127 40153a-401582 call 401d16 call 40218d call 402efe 110->127 118 401a5f-401a63 113->118 141 40163d-40163f 126->141 154 401584-401587 127->154 155 4015f8-40161e call 403a63 call 401c9d call 404f70 call 404f2c 127->155 141->85 145 401645-40164b 141->145 145->85 159 4015f0-4015f3 154->159 160 401589-40158c 154->160 209 401650-401653 155->209 210 401620-40163c call 404f2c call 403a63 * 2 155->210 164 40191f-401933 call 403a63 * 2 159->164 165 401593-4015b6 call 405ed1 call 401daf call 403a63 160->165 166 40158e-401591 160->166 196 401935-401937 164->196 197 40193b-40199d call 40536a call 403a63 * 9 164->197 170 4015bb-4015c0 165->170 166->165 166->170 170->159 179 4015c2-4015c5 170->179 179->159 186 4015c7-4015ef call 405ed1 MessageBoxW call 403a63 179->186 186->159 229 4012e4-4012e7 192->229 230 4012cc-4012df call 401daf 192->230 193->192 196->197 197->118 213 4017b4-4017b7 209->213 214 401659-401690 call 401a66 209->214 210->141 220 4017b9-4017d0 call 401d50 call 4057af 213->220 221 4017ec-40185e call 401d16 call 405bad call 401cb5 call 401e8b call 403a63 * 2 call 401cb5 call 401e8b call 403a63 213->221 233 401692-401699 call 401e18 214->233 234 40169e-4016e2 call 401a66 ShellExecuteExA 214->234 220->221 254 4017d2-4017d5 220->254 340 401860-401871 call 401ded call 401e18 221->340 341 401876-4018f6 call 402635 call 401a66 call 403a63 CreateProcessA 221->341 240 40139a-4014ad call 401cb5 call 4040fd call 401daf call 403a63 * 2 call 401cb5 call 4040fd call 401daf call 403a63 * 2 call 401cb5 call 4040fd call 402635 call 401daf call 403a63 * 6 call 404349 call 404320 229->240 241 4012ed-4012f0 229->241 230->229 233->234 252 401798-4017af call 403a63 * 2 234->252 253 4016e8-4016eb 234->253 240->62 241->240 249 4012f6-401308 MessageBoxW 241->249 249->240 256 40130e-401329 call 403a63 * 3 249->256 295 4019bf-4019c2 252->295 259 4016f9-40172a call 403a63 * 2 call 404f2c call 403a63 * 2 253->259 260 4016ed-4016f4 call 410ec0 253->260 261 401914-40191c call 404f2c 254->261 262 4017db-4017e7 call 410ec0 254->262 256->90 329 401732-401793 call 40536a call 403a63 * 9 259->329 330 40172c-40172e 259->330 260->259 261->164 262->261 301 4019d4-4019d7 call 404f2c 295->301 302 4019c4-4019ce WaitForSingleObject CloseHandle 295->302 313 4019dc-4019f3 call 403a63 * 2 301->313 302->301 313->94 335 4019f5-4019f7 313->335 329->118 330->329 335->94 340->341 363 4019a2-4019ba CloseHandle call 403a63 341->363 364 4018fc-4018ff 341->364 363->295 367 401901-401903 call 410ef6 364->367 368 401908-401913 call 403a63 364->368 367->368 368->261
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00401A7B: GetVersionExA.KERNEL32(?), ref: 00401A95
                                                                                                                                                                                • GetCommandLineW.KERNEL32(00000003,00000003,00000003,00000003,?,00000000), ref: 0040108B
                                                                                                                                                                                  • Part of subcall function 004038D7: __EH_prolog.LIBCMT ref: 004038DC
                                                                                                                                                                                  • Part of subcall function 0040460B: __EH_prolog.LIBCMT ref: 00404610
                                                                                                                                                                                  • Part of subcall function 0040460B: GetModuleFileNameA.KERNEL32(00400000,?,00000105,00000000,00000000), ref: 00404649
                                                                                                                                                                                  • Part of subcall function 0040237B: __EH_prolog.LIBCMT ref: 00402380
                                                                                                                                                                                  • Part of subcall function 00402340: __EH_prolog.LIBCMT ref: 00402345
                                                                                                                                                                                  • Part of subcall function 00403DE4: __EH_prolog.LIBCMT ref: 00403DE9
                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00000010), ref: 004015DE
                                                                                                                                                                                • ShellExecuteExA.SHELL32(0000003C,?,00000001,?,?,00000003,?,00000003,00420240,;!@InstallEnd@!,?,00000003,00000000,00000002,00420278,00000003), ref: 004016D5
                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00000024), ref: 004012FF
                                                                                                                                                                                  • Part of subcall function 00410EC0: MessageBoxW.USER32(00000000,?,7-Zip,00000010), ref: 00410EC9
                                                                                                                                                                                  • Part of subcall function 00402EFE: __EH_prolog.LIBCMT ref: 00402F03
                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000000), ref: 004019A8
                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000), ref: 004019C7
                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000000), ref: 004019CE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog$Message$CloseHandle$CommandExecuteFileLineModuleNameObjectShellSingleVersionWait
                                                                                                                                                                                • String ID: $%%T$%%T\$;!@Install@!UTF-8!$;!@InstallEnd@!$<$Can not create temp folder archive$Can not find setup.exe$Can not load codecs$Can not open file$Can't load config info$Config failed$D$Directory$ExecuteFile$ExecuteParameters$RunProgram$Title$setup.exe
                                                                                                                                                                                • API String ID: 785510900-2114487665
                                                                                                                                                                                • Opcode ID: 6ce4265be62f8a57b236d3381bcaad717836c996c3d74f776ce9d25c421a97ba
                                                                                                                                                                                • Instruction ID: f92d1a5b025e5f1856d93d01be2b226abe75c3e6546c85d9ed47549f0c040395
                                                                                                                                                                                • Opcode Fuzzy Hash: 6ce4265be62f8a57b236d3381bcaad717836c996c3d74f776ce9d25c421a97ba
                                                                                                                                                                                • Instruction Fuzzy Hash: 485228719002199ACF25EFA5DC82AEDBB75AF04308F1040BFE156721F2DA395B86CF58
                                                                                                                                                                                Function 0040AB05 Relevance: 14.2, APIs: 9, Instructions: 682COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 404 40ab05-40ab29 call 413724 call 40d5a3 409 40b0c3-40b0c8 404->409 410 40ab2f-40ab65 call 402172 call 4130e0 call 4062e7 404->410 411 40b3f1-40b3ff 409->411 418 40ab6b 410->418 419 40ac4c-40ac83 call 40aab0 call 40b761 call 40b402 410->419 420 40ab6e-40ab78 call 403a3d 418->420 434 40aca2-40acb2 call 404349 419->434 435 40ac85-40ac9c call 40b519 419->435 427 40ab88 420->427 428 40ab7a-40ab86 420->428 430 40ab8a-40ab8f 427->430 428->430 432 40ab91-40ab93 430->432 433 40ab97-40abc2 call 403a3d 430->433 432->433 442 40abc4-40abd4 433->442 443 40abd6 433->443 445 40acb4-40acba 434->445 446 40acbd-40acc1 434->446 435->434 444 40ae5d-40ae73 435->444 447 40abd8-40abdd 442->447 443->447 458 40ae79-40ae7c 444->458 459 40b2ab-40b2cd call 40a1fc 444->459 445->446 450 40acc3-40acd7 call 403a3d 446->450 451 40ad04-40ad16 446->451 448 40abe5-40ac1e call 4062e7 call 40a3de 447->448 449 40abdf-40abe1 447->449 481 40ac20-40ac22 448->481 482 40ac26-40ac2c 448->482 449->448 461 40ace2 450->461 462 40acd9-40ace0 call 40b626 450->462 466 40ad18-40ad5a call 404320 call 409739 DeleteCriticalSection call 40a594 451->466 467 40ad5f-40ad65 451->467 465 40ae7f-40aeb4 458->465 477 40b2d8-40b2db 459->477 478 40b2cf-40b2d5 459->478 471 40ace4-40acf8 call 4062e7 461->471 462->471 493 40aeb6-40aebf 465->493 494 40aedf-40aee5 465->494 537 40b321-40b335 call 404349 call 404320 466->537 473 40ae4b-40ae5a call 40b735 467->473 474 40ad6b-40ad8f call 406297 467->474 502 40acfa-40acfd 471->502 503 40acff 471->503 473->444 490 40ad94-40ad98 474->490 486 40b33a-40b36a call 403291 call 40439a 477->486 487 40b2dd-40b31f call 404320 call 409739 DeleteCriticalSection call 40a594 477->487 478->477 481->482 491 40ac34-40ac43 482->491 492 40ac2e-40ac30 482->492 552 40b385-40b3a4 486->552 553 40b36c-40b383 call 40a528 486->553 487->537 504 40af83-40af8c 490->504 505 40ad9e-40ada9 490->505 491->420 506 40ac49 491->506 492->491 495 40aec5-40aed6 493->495 496 40b16e-40b174 493->496 499 40aee7-40aee9 494->499 500 40aeed-40af35 call 403291 * 2 call 40439a * 2 494->500 530 40b1c5-40b1ce 495->530 531 40aedc 495->531 512 40b176-40b178 496->512 513 40b17c-40b1c3 call 404320 call 409739 DeleteCriticalSection call 40a594 496->513 499->500 608 40af37-40af4d call 40a528 500->608 609 40af4f-40af55 500->609 509 40ad01 502->509 503->509 514 40af94-40af9d 504->514 515 40af8e-40af90 504->515 516 40add7-40addb 505->516 517 40adab-40adaf 505->517 506->419 509->451 512->513 593 40b218-40b22e call 404349 call 404320 513->593 527 40afa5-40afe9 call 404320 call 409739 DeleteCriticalSection call 40a594 514->527 528 40af9f-40afa1 514->528 515->514 519 40ade1-40adf0 call 4062e7 516->519 520 40b05c-40b065 516->520 517->516 525 40adb1-40adb6 517->525 558 40adf2-40adf8 call 409ed8 519->558 559 40adfd-40ae12 call 40b876 519->559 535 40b067-40b069 520->535 536 40b06d-40b0be call 404320 call 409739 DeleteCriticalSection call 40a594 call 404349 call 404320 520->536 539 40adbc-40adc8 call 4062e7 525->539 540 40afee-40aff7 525->540 527->537 528->527 544 40b1d0-40b1d2 530->544 545 40b1d6-40b211 call 404320 call 409739 DeleteCriticalSection call 40a594 530->545 531->494 535->536 536->409 600 40b3ef 537->600 539->559 569 40adca-40add5 call 409eb3 539->569 547 40b002-40b008 540->547 548 40aff9-40afff 540->548 544->545 545->593 561 40b010-40b057 call 404320 call 409739 DeleteCriticalSection call 40a594 547->561 562 40b00a-40b00c 547->562 548->547 674 40b3a5 call 412ff0 552->674 675 40b3a5 call 409ab3 552->675 553->552 558->559 596 40ae14-40ae16 559->596 597 40ae1a-40ae23 559->597 561->537 562->561 569->559 581 40b3a8-40b3ea call 404320 * 2 call 409739 call 40b60b call 40a3a6 581->600 593->411 596->597 606 40ae25-40ae27 597->606 607 40ae2b-40ae34 597->607 600->411 606->607 616 40ae36-40ae38 607->616 617 40ae3c-40ae45 607->617 608->609 619 40b126-40b15a call 404320 * 2 609->619 620 40af5b 609->620 616->617 617->473 617->474 619->465 659 40b160-40b165 619->659 627 40af5e-40af65 620->627 632 40b0d1 627->632 633 40af6b 627->633 635 40b0d4-40b0d6 632->635 637 40af6e-40af70 633->637 639 40b0e4-40b0eb 635->639 640 40b0d8-40b0e2 635->640 642 40af76-40af7c 637->642 643 40b0cd-40b0cf 637->643 646 40b0fc 639->646 647 40b0ed 639->647 645 40b10a-40b120 call 40a528 640->645 642->637 649 40af7e 642->649 643->635 645->619 645->627 651 40b0ff-40b101 646->651 650 40b0f0-40b0f2 647->650 649->632 654 40b0f4-40b0fa 650->654 655 40b16a-40b16c 650->655 656 40b233-40b2a6 call 404320 * 3 call 409739 DeleteCriticalSection call 40a594 call 404349 call 404320 651->656 657 40b107 651->657 654->646 654->650 655->651 656->411 657->645 659->459 674->581 675->581
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040AB0A
                                                                                                                                                                                  • Part of subcall function 0040D5A3: __EH_prolog.LIBCMT ref: 0040D5A8
                                                                                                                                                                                  • Part of subcall function 004130E0: InitializeCriticalSection.KERNEL32(?,?,?,00000000,00000000), ref: 0041310E
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?), ref: 0040AD3E
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?), ref: 0040AFCB
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?), ref: 0040B036
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?), ref: 0040B093
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?), ref: 0040B1A2
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?), ref: 0040B1FC
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?,?,?,00000004,00000004), ref: 0040B271
                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?), ref: 0040B303
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$Delete$H_prolog$Initialize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3452124646-0
                                                                                                                                                                                • Opcode ID: de7dd439df8df690657da08e07b677ce825c61015d961a3904dbcf38c8095520
                                                                                                                                                                                • Instruction ID: 4c9a54a47b38b58bbaef36bcc828af5c6ca02983ed7c574d3216c54edcd042c8
                                                                                                                                                                                • Opcode Fuzzy Hash: de7dd439df8df690657da08e07b677ce825c61015d961a3904dbcf38c8095520
                                                                                                                                                                                • Instruction Fuzzy Hash: FC627E7090024ADFDB14DFA5C944BDEBBB4FF14308F1080AEE805B7291DB789A49DB99
                                                                                                                                                                                Function 004051B7 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 102threadCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 676 4051b7-4051e6 GetCurrentThreadId GetTickCount GetCurrentProcessId 677 4051ea-4051f6 call 401d50 676->677 680 4051f8-4051ff 677->680 681 40524f-405255 677->681 684 405200-40520b 680->684 682 405263-40526c call 405800 681->682 683 405257-40525e call 4048ab 681->683 691 40527b-405280 682->691 692 40526e-405279 SetLastError 682->692 683->682 687 405212 684->687 688 40520d-405210 684->688 690 405215-40521f 687->690 688->690 690->684 693 405221-40522a 690->693 695 405282-40528c call 405ae5 691->695 696 40528e-405290 call 4049f4 691->696 694 4052ab-4052b2 692->694 697 405235-405248 call 4048ab GetTickCount 693->697 698 40522c-405230 call 401ded 693->698 694->677 702 4052b8-4052c2 694->702 705 405295-405297 695->705 696->705 710 40524a-40524c 697->710 711 40524d 697->711 698->697 707 4052c4-4052c8 702->707 708 405299-4052a2 GetLastError 705->708 709 4052cb-4052cd 705->709 708->694 712 4052a4-4052a9 708->712 709->707 710->711 711->681 712->694 712->702
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 004051C5
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004051D0
                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000000,?,?,00405334,?,00000000,?,00000003,00000003,00000000,00000000,00000003,?,00000000), ref: 004051DB
                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405240
                                                                                                                                                                                • SetLastError.KERNEL32(000000B7,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00405273
                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00405299
                                                                                                                                                                                  • Part of subcall function 004049F4: CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CountCurrentErrorLastTick$CreateDirectoryProcessThread
                                                                                                                                                                                • String ID: .tmp$d
                                                                                                                                                                                • API String ID: 3074393274-2797371523
                                                                                                                                                                                • Opcode ID: 2fda1539db0041318063c64b288010cc5c4c3aedaa5e381c7d8f696092406eab
                                                                                                                                                                                • Instruction ID: 4fab17955b769304b7d1cf71853489b42ead9ac2cf2e2055059d54e7646dac87
                                                                                                                                                                                • Opcode Fuzzy Hash: 2fda1539db0041318063c64b288010cc5c4c3aedaa5e381c7d8f696092406eab
                                                                                                                                                                                • Instruction Fuzzy Hash: CC31C1326506009BDB10ABA098897EF7760EFA5315F14807FE902BB2D2D77C9842CF99
                                                                                                                                                                                Function 00404908 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 36filetimeCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 747 404908-404914 748 404922-40493f CreateFileW 747->748 749 404916-404920 SetLastError 747->749 751 404941-404957 SetFileTime CloseHandle 748->751 752 40495d-40495f 748->752 750 404960-404962 749->750 751->752 752->750
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetLastError.KERNEL32(00000078,.@,00000000,00402AB0,00000000,?,?,?,?), ref: 00404918
                                                                                                                                                                                • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000,?,?,?,?), ref: 00404934
                                                                                                                                                                                • SetFileTime.KERNELBASE(00000000,00000000,?,?,?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000), ref: 0040494B
                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000,?,?,?), ref: 00404957
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CloseCreateErrorHandleLastTime
                                                                                                                                                                                • String ID: .@
                                                                                                                                                                                • API String ID: 2291555494-2582305824
                                                                                                                                                                                • Opcode ID: 134b82ee1bee937397c61f831c6e8a998fcbb54d8f51f8998ece3d2421389dbd
                                                                                                                                                                                • Instruction ID: b13e78268552c33248838deebc4f257ca571263cc4fefdaa9dfe176c52576776
                                                                                                                                                                                • Opcode Fuzzy Hash: 134b82ee1bee937397c61f831c6e8a998fcbb54d8f51f8998ece3d2421389dbd
                                                                                                                                                                                • Instruction Fuzzy Hash: 66F0E2B12812107BE2201B74BC48F9B6E5CDBCA715F108135B661A21E0C3284D19D7B8
                                                                                                                                                                                Function 004083AB Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 328COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 753 4083ab-4083c3 call 413724 756 4083c5-4083cb 753->756 757 4083cd-408400 call 4045d0 call 40218d 753->757 756->757 763 408402-408405 757->763 764 40844c-408464 call 403291 757->764 766 408409-40840d 763->766 771 408476-408480 764->771 772 408466-408474 call 40a528 764->772 768 408417-40841b 766->768 769 40840f-408411 766->769 770 408420-408422 768->770 773 408413-408415 769->773 774 40841d 769->774 770->764 777 408424-40844b call 401e4e call 401daf call 403a63 770->777 775 408482-408493 call 407d59 771->775 776 4084c3-4084c7 771->776 784 4084e5-4084eb 772->784 773->766 774->770 791 4084b4-4084b8 call 40a528 775->791 792 408495-4084b2 call 40447a 775->792 781 4084e3 776->781 782 4084c9-4084cd 776->782 777->764 781->784 787 4084d9-4084de call 40435e 782->787 788 4084cf-4084d4 782->788 789 4084f1-4084f6 784->789 790 4085ba-4085bc 784->790 787->781 794 4085bd-4085dc call 404320 call 403a63 * 2 788->794 796 4084f8-4084ff call 40647d 789->796 797 40850a-408534 call 4062e7 789->797 790->794 804 4084bd-4084c1 791->804 792->804 818 4085dd-4085eb 794->818 807 408502-408504 796->807 816 408536-40853a 797->816 817 40853c-40853f 797->817 804->775 804->776 807->797 811 4085ee-4085f0 807->811 811->794 819 4085ab-4085b4 816->819 820 408541-40854e 817->820 821 408557-408571 817->821 819->789 819->790 884 40854f call 40cf82 820->884 885 40854f call 40dd29 820->885 824 4085f2-4085fb 821->824 825 408573-408588 821->825 823 408552-408555 826 408590-408594 823->826 827 408603-408626 call 404320 call 403a63 * 2 824->827 828 4085fd-4085ff 824->828 825->826 838 40858a-40858c 825->838 829 408628-40862b 826->829 830 40859a-4085a3 826->830 827->818 828->827 831 408646-408665 829->831 832 40862d-408636 829->832 830->819 834 4085a5-4085a7 830->834 842 408667-40866f 831->842 843 40867f-4086a2 call 405cd6 call 4062e7 831->843 836 408638-40863a 832->836 837 40863e-408641 832->837 834->819 836->837 837->794 838->826 845 408671 842->845 846 408676-40867a call 401d50 842->846 854 408700-40870d call 407d59 843->854 855 4086a4-4086fe call 401cb5 * 2 call 407bd5 call 401daf call 403a63 * 3 843->855 845->846 846->843 860 408711-40873c call 407bd5 call 401daf call 403a63 854->860 861 40870f 854->861 875 40873d-408746 855->875 860->875 861->860 877 408748-40874a 875->877 878 40874e-408750 875->878 877->878 878->794 884->823 885->823
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID: Unknown error$X3B
                                                                                                                                                                                • API String ID: 3519838083-1496835351
                                                                                                                                                                                • Opcode ID: 47f253f86f2cbe6f5ea7b7729e7e95f0c02779c145a6591478a86d185b5344b5
                                                                                                                                                                                • Instruction ID: 10ffca09dccd2053a4a89f972bfe6bbc607f2b880b0d523777cfa28ffc571443
                                                                                                                                                                                • Opcode Fuzzy Hash: 47f253f86f2cbe6f5ea7b7729e7e95f0c02779c145a6591478a86d185b5344b5
                                                                                                                                                                                • Instruction Fuzzy Hash: 89D16070900219EFCF05DFA4C984ADEBB74BF48304F14846EE846BB2D1DB78AA45CB95
                                                                                                                                                                                Function 00405620 Relevance: 4.6, APIs: 3, Instructions: 130COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 886 405620-40564a call 413724 call 405434 891 405653-40565f GetLastError 886->891 892 40564c-40564e 886->892 894 405661-405664 891->894 895 40566a-405672 891->895 893 405794-40579c call 405414 892->893 901 40579e-4057ac 893->901 894->895 896 405792 894->896 895->896 898 405678 895->898 896->893 900 40567a-405681 898->900 900->900 902 405683-405686 900->902 902->896 903 40568c-405692 902->903 903->896 904 405698-40569c 903->904 904->896 905 4056a2-4056ae call 403a6e 904->905 905->896 908 4056b4-4056d9 call 403a6e call 401cb5 905->908 913 4056e7-4056f6 call 401cb5 908->913 914 4056db-4056e1 908->914 920 405705-405720 call 401ded call 405434 913->920 921 4056f8-405700 call 401ded 913->921 914->913 915 405789-405791 call 403a63 914->915 915->896 927 405722-405734 call 403b11 920->927 928 405777-405788 SetLastError call 403a63 920->928 921->920 927->928 933 405736-405775 call 40222b call 401daf call 403a63 * 3 call 405414 927->933 928->915 933->901
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00405625
                                                                                                                                                                                  • Part of subcall function 00405434: FindFirstFileA.KERNEL32(?,?,000000FF), ref: 00405467
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000000,?,00000001), ref: 00405653
                                                                                                                                                                                  • Part of subcall function 00405414: FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$CloseErrorFileFirstH_prologLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 364955512-0
                                                                                                                                                                                • Opcode ID: 7af81683b2bbd08a4e7907554c6bd4d0585e29ef0a2842fee04aea0eda1a8d3a
                                                                                                                                                                                • Instruction ID: 04b13d9487752735ca5a27f2fc382c225ef0a6c39b2ce108fc8834fd1c85259b
                                                                                                                                                                                • Opcode Fuzzy Hash: 7af81683b2bbd08a4e7907554c6bd4d0585e29ef0a2842fee04aea0eda1a8d3a
                                                                                                                                                                                • Instruction Fuzzy Hash: F0418E36900519AACF14FBA5D942AEFBB75EF14308F10403AE412772E1DB795E41DEA8
                                                                                                                                                                                Function 00416A88 Relevance: 4.6, APIs: 3, Instructions: 51COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 946 416a88-416a97 call 416b2d 949 416a99-416aa4 GetCurrentProcess TerminateProcess 946->949 950 416aaa-416ac0 946->950 949->950 951 416ac2-416ac9 950->951 952 416afe-416b12 call 416b3f 950->952 954 416acb-416ad7 951->954 955 416aed-416afd call 416b3f 951->955 961 416b14-416b1a call 416b36 952->961 962 416b1b-416b25 ExitProcess 952->962 958 416ad9-416add 954->958 959 416aec 954->959 955->952 963 416ae1-416aea 958->963 964 416adf 958->964 959->955 963->958 963->959 964->963
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,00416A73,?,00000000,00000000,004149BD,00000000,00000000), ref: 00416A9D
                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00416A73,?,00000000,00000000,004149BD,00000000,00000000), ref: 00416AA4
                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00416B25
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                • Opcode ID: 1437901adbb6f5f79383b87a45eea3dcfdbbe1126ab2fc144c657422388fb5ba
                                                                                                                                                                                • Instruction ID: 0e18a92ac83ca44edc126e9bc7105b1bfa7f20768c24b30c438cbd3485978612
                                                                                                                                                                                • Opcode Fuzzy Hash: 1437901adbb6f5f79383b87a45eea3dcfdbbe1126ab2fc144c657422388fb5ba
                                                                                                                                                                                • Instruction Fuzzy Hash: FC010432304220ABDA21AF29FC82A9A7BE4FF45355B52803FF541A3151CB3CE8C1CA5D
                                                                                                                                                                                Function 00406F68 Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00406F6D
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00000000,?,?,?,00406FF7,?,?,?,?,?), ref: 00406F7E
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00000000,?,?,?,00406FF7,?,?,?,?,?), ref: 00406FB2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterH_prologLeave
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 367238759-0
                                                                                                                                                                                • Opcode ID: 07f6c1fd103800f188fec5f91ab3bb47b81eb91ba650842d040f77beb3819d41
                                                                                                                                                                                • Instruction ID: 97c3a8bfcec3db19a0bb52fb413a425f8ec3aea0187b5ae5e4fa4e2c7e55e4ea
                                                                                                                                                                                • Opcode Fuzzy Hash: 07f6c1fd103800f188fec5f91ab3bb47b81eb91ba650842d040f77beb3819d41
                                                                                                                                                                                • Instruction Fuzzy Hash: 4C013C76A00214EFCB118F94DC08B9ABBB9FF48755F11886AFD16E7250C7B4A910DFA4
                                                                                                                                                                                Function 0040280E Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 384COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 975 40280e-402831 call 413724 call 402d81 980 402833-402838 975->980 981 40283d-402844 975->981 982 402cdb-402ce9 980->982 983 402846-40284c 981->983 984 40284f-40286f call 40cd84 981->984 983->984 987 402871-402873 984->987 988 402875-402890 call 40218d 984->988 989 4028b5-4028c3 call 405cd6 987->989 994 4028a0-4028a5 988->994 995 402892-40289e call 401daf 988->995 989->982 997 4028a7-4028b0 call 403a63 994->997 998 4028c8-4028ce call 401d50 994->998 1002 4028d3-4028e2 call 401daf 995->1002 997->989 998->1002 1006 4028e8-402906 1002->1006 1007 402cbf-402cc2 1002->1007 1011 402908-40290a 1006->1011 1012 40290f-402913 1006->1012 1008 402cc4-402cd9 call 403a63 call 405cd6 1007->1008 1008->982 1014 402b4b-402b6e call 405cd6 call 403a63 call 405cd6 1011->1014 1015 402915-402918 1012->1015 1016 40291a-40291f 1012->1016 1014->982 1018 40292e-402943 1015->1018 1019 402921-402926 1016->1019 1020 40292b 1016->1020 1018->1011 1026 402945-402972 1018->1026 1019->1014 1020->1018 1031 402974-4029a3 call 405cd6 * 2 call 403a63 call 405cd6 1026->1031 1032 4029a8-4029ad 1026->1032 1031->982 1033 4029b7-4029d7 call 405cd6 1032->1033 1034 4029af-4029b3 1032->1034 1033->1011 1044 4029dd-4029e3 1033->1044 1034->1033 1046 4029e5-4029e8 1044->1046 1047 4029fe-402a09 1044->1047 1046->1019 1050 4029ee-4029fc 1046->1050 1048 402a0c-402a31 call 402172 call 40452f 1047->1048 1055 402a33-402a3a 1048->1055 1056 402a3f-402a52 call 401d16 1048->1056 1050->1048 1057 402b32 1055->1057 1062 402a54-402a57 call 404351 1056->1062 1063 402a5c-402a5f 1056->1063 1059 402b37-402b46 call 404349 call 404320 1057->1059 1059->1014 1062->1063 1066 402a71-402a87 call 402635 1063->1066 1067 402a61-402a64 1063->1067 1073 402a89-402a9c call 401daf 1066->1073 1074 402acb-402ae3 call 401c9d call 405620 1066->1074 1067->1066 1070 402a66-402a6c call 4027a7 1067->1070 1070->1066 1080 402aa5-402aab call 404908 1073->1080 1081 402a9e-402aa3 call 4049af 1073->1081 1082 402ae8-402aea 1074->1082 1088 402ab0-402ac9 call 403a63 * 2 1080->1088 1081->1088 1085 402af0-402afa call 404c29 1082->1085 1086 402b73-402b76 1082->1086 1085->1086 1099 402afc-402b2e call 401d50 call 403a63 * 3 1085->1099 1091 402c6c-402cbd call 401daf call 403a63 * 3 call 404349 call 404320 call 405cd6 1086->1091 1092 402b7c-402b86 call 403a3d 1086->1092 1088->1059 1091->1008 1101 402b88-402b97 1092->1101 1102 402b99 1092->1102 1099->1057 1106 402b9b-402ba3 1101->1106 1102->1106 1109 402ba5-402ba7 1106->1109 1110 402bab-402bc8 call 405ae5 1106->1110 1109->1110 1119 402c55-402c67 call 4062e7 1110->1119 1120 402bce-402be5 call 401d50 1110->1120 1119->1091 1131 402be7-402be9 1120->1131 1132 402bed-402c50 call 403a63 * 3 call 404349 call 404320 call 405cd6 call 403a63 call 405cd6 1120->1132 1131->1132 1132->982
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00402813
                                                                                                                                                                                  • Part of subcall function 00402D81: EnterCriticalSection.KERNEL32(?,?,?,00409336), ref: 00402D86
                                                                                                                                                                                  • Part of subcall function 00402D81: LeaveCriticalSection.KERNEL32(?,?,?,?,00409336), ref: 00402D90
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterH_prologLeave
                                                                                                                                                                                • String ID: .@
                                                                                                                                                                                • API String ID: 367238759-2582305824
                                                                                                                                                                                • Opcode ID: 2f024b2b9b8129b96186ca70a997236dc5491840daf27726e800d1d46b323183
                                                                                                                                                                                • Instruction ID: fb4838387da9abac6519c3a0e173b295c4de01f89ec6b6ed0d4ee3fc8d60aaac
                                                                                                                                                                                • Opcode Fuzzy Hash: 2f024b2b9b8129b96186ca70a997236dc5491840daf27726e800d1d46b323183
                                                                                                                                                                                • Instruction Fuzzy Hash: F3F1DF70900248DFCF14EFA5C985ADEBBB4AF54308F10807EE446B72E1DB785A85DB19
                                                                                                                                                                                Function 004030FC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 134COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1154 4030fc-403128 call 413724 call 401c9d call 405620 1161 403141-403146 1154->1161 1162 40312a-40313f call 401d50 1154->1162 1163 403150 1161->1163 1164 403148-40314e 1161->1164 1168 4031a2-4031aa call 403a63 1162->1168 1166 403153-403192 call 403291 call 408d5e call 404320 1163->1166 1164->1166 1179 403194-40319d call 401d50 1166->1179 1180 4031af-4031d1 call 401d16 call 405bad call 404a3e 1166->1180 1175 403281 1168->1175 1177 403282-403290 1175->1177 1179->1168 1188 403213-403268 call 401cb5 call 402686 call 403a63 1180->1188 1189 4031d3-403211 call 4092e6 call 401daf call 403a63 * 3 1180->1189 1211 40326a call 40bff7 1188->1211 1212 40326a call 40b98f 1188->1212 1189->1177 1203 40326d-403280 call 403a63 * 2 1203->1175 1211->1203 1212->1203
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00403101
                                                                                                                                                                                  • Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625
                                                                                                                                                                                  • Part of subcall function 00404A3E: __EH_prolog.LIBCMT ref: 00404A43
                                                                                                                                                                                  • Part of subcall function 004092E6: __EH_prolog.LIBCMT ref: 004092EB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID: Default
                                                                                                                                                                                • API String ID: 3519838083-753088835
                                                                                                                                                                                • Opcode ID: 0fc91ddac6c1b16fe72a6cc7b41e2781a7216c9bd00a9ca8bd5645336c638fb0
                                                                                                                                                                                • Instruction ID: 203c82e13c85383a660d5cb73dbb10af46e9aa8c77eacbcc0267a4e11568a844
                                                                                                                                                                                • Opcode Fuzzy Hash: 0fc91ddac6c1b16fe72a6cc7b41e2781a7216c9bd00a9ca8bd5645336c638fb0
                                                                                                                                                                                • Instruction Fuzzy Hash: E4514E75900209EFDB14EFA5D8819EEBBB8FF18308F00456EE556772D1DB38AA06CB14
                                                                                                                                                                                Function 00404A3E Relevance: 3.2, APIs: 2, Instructions: 166COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1213 404a3e-404a5f call 413724 call 401cb5 1218 404a61-404a64 1213->1218 1219 404aa8-404ab7 call 401d16 1213->1219 1221 404a68-404a6c 1218->1221 1225 404abb-404ac5 call 4049f4 1219->1225 1223 404a76-404a7a 1221->1223 1224 404a6e-404a70 1221->1224 1228 404a7f-404a81 1223->1228 1226 404a72-404a74 1224->1226 1227 404a7c 1224->1227 1235 404acb-404ad6 GetLastError 1225->1235 1236 404b9f-404ba6 call 401daf 1225->1236 1226->1221 1227->1228 1228->1219 1229 404a83-404a88 1228->1229 1229->1219 1231 404a8a-404a8d 1229->1231 1233 404a9d-404aa3 call 40240b 1231->1233 1234 404a8f-404a94 1231->1234 1233->1219 1234->1233 1238 404a96-404a98 1234->1238 1240 404b47-404b59 call 401c9d call 405620 1235->1240 1241 404ad8-404add 1235->1241 1242 404bab-404bae 1236->1242 1243 404c0e-404c14 call 403a63 1238->1243 1262 404b5e-404b60 1240->1262 1244 404c00 1241->1244 1245 404ae3-404ae6 1241->1245 1249 404bb0-404bc2 call 403a6e 1242->1249 1250 404c25-404c27 1242->1250 1265 404c15-404c24 1243->1265 1247 404c02-404c0d call 403a63 1244->1247 1252 404aea-404aee 1245->1252 1247->1243 1269 404bc4-404bca 1249->1269 1270 404bcc 1249->1270 1250->1247 1253 404af0-404af2 1252->1253 1254 404af8-404afc 1252->1254 1259 404af4-404af6 1253->1259 1260 404afe 1253->1260 1263 404b01-404b03 1254->1263 1259->1252 1260->1263 1266 404b62-404b64 1262->1266 1267 404b66-404b6e 1262->1267 1263->1244 1268 404b09 1263->1268 1271 404b72-404b8d call 403a63 * 3 1266->1271 1272 404b70 1267->1272 1273 404b92-404b9e call 403a63 1267->1273 1268->1244 1274 404b0f-404b15 1268->1274 1269->1270 1275 404bcf-404bfe call 401e6f call 4049f4 call 403a63 1269->1275 1270->1275 1271->1265 1272->1271 1273->1236 1274->1244 1277 404b1b-404b42 call 401e6f call 401daf call 403a63 1274->1277 1275->1242 1275->1244 1277->1225
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00404A43
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00000000), ref: 00404ACB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorH_prologLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1057991267-0
                                                                                                                                                                                • Opcode ID: cf2054507fd1ee53753d2eae408e5b803be4a538542d8802e2091fe77905cd97
                                                                                                                                                                                • Instruction ID: 397979b183d08822f23b565ee303c4952bc02ec102e27be1c48eee89bea9c2ad
                                                                                                                                                                                • Opcode Fuzzy Hash: cf2054507fd1ee53753d2eae408e5b803be4a538542d8802e2091fe77905cd97
                                                                                                                                                                                • Instruction Fuzzy Hash: 1E5105719441099ACF10EBA5C942AFEBB75AF91308F11017FE602731E1DB3DAE46CB99
                                                                                                                                                                                Function 00408755 Relevance: 3.1, APIs: 2, Instructions: 85COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1297 408755-408778 call 413724 1300 40877a-408784 call 403a3d 1297->1300 1301 40879e-4087a1 1297->1301 1309 408791 1300->1309 1310 408786-40878f 1300->1310 1303 4087a3-4087ad call 403a3d 1301->1303 1304 4087f6-408807 call 4083ab 1301->1304 1312 4087ce 1303->1312 1313 4087af-4087cc 1303->1313 1311 40880c-408816 1304->1311 1314 408793-40879c call 4062e7 1309->1314 1310->1314 1315 408818-40881a 1311->1315 1316 40881e-408827 1311->1316 1319 4087d0-4087e6 call 4062e7 call 405a0f 1312->1319 1313->1319 1314->1304 1315->1316 1317 408829-40882b 1316->1317 1318 40882f-40883f 1316->1318 1317->1318 1326 4087f0-4087f3 1319->1326 1327 4087e8-4087ee GetLastError 1319->1327 1326->1304 1327->1311
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040875A
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,?,?,00000000,?,?,0040893F,?,?,00000000,004149B4,?,?,?,00000000), ref: 004087E8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorH_prologLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1057991267-0
                                                                                                                                                                                • Opcode ID: d698953ed0da4becc77ee74f002a5177edada05561c767edb88e830fd653d4a8
                                                                                                                                                                                • Instruction ID: 0128b321cd566d1ceb50e896689a501b942dab3b414a73cd3b5e456030195100
                                                                                                                                                                                • Opcode Fuzzy Hash: d698953ed0da4becc77ee74f002a5177edada05561c767edb88e830fd653d4a8
                                                                                                                                                                                • Instruction Fuzzy Hash: EE317C719012499FCB10DF95CE849AEBBB0FF44314B24817FE496B7292CB388D40DB69
                                                                                                                                                                                Function 0041468E Relevance: 3.0, APIs: 2, Instructions: 45threadCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1340 41468e-4146a4 call 416ccc 1343 4146e1-4146ea call 413d6f 1340->1343 1344 4146a6-4146d7 call 4152e0 CreateThread 1340->1344 1349 4146f3 1343->1349 1350 4146ec-4146f2 call 416c47 1343->1350 1351 4146f5-4146f8 1344->1351 1352 4146d9-4146df GetLastError 1344->1352 1349->1351 1350->1349 1352->1343
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00416CCC: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00416DC2
                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000003,004146F9,00000000,00000000,?), ref: 004146CF
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00413009,00000000,00000000,004032CA,?,00000000,00000000,?,00402FAB,?,00000000,?), ref: 004146D9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocCreateErrorHeapLastThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3580101977-0
                                                                                                                                                                                • Opcode ID: 0374611688ca75c4551dea276e5d424cbadff3ac534dbe24837146ca9d20d13e
                                                                                                                                                                                • Instruction ID: 928dc59a5e1d7113ba94efa25a55b36d47ae035f635b84aed830f8a2a3c61c12
                                                                                                                                                                                • Opcode Fuzzy Hash: 0374611688ca75c4551dea276e5d424cbadff3ac534dbe24837146ca9d20d13e
                                                                                                                                                                                • Instruction Fuzzy Hash: D6F02D362006156BCB209F66EC019DB3BA5EF81375F10402EF958C2290DF3DC8914BAC
                                                                                                                                                                                Function 00405892 Relevance: 3.0, APIs: 2, Instructions: 45fileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1328 405892-4058a2 call 405905 1331 405900-405902 1328->1331 1332 4058a4-4058ad 1328->1332 1333 4058de-4058f5 CreateFileW 1332->1333 1334 4058af-4058dc call 403b85 CreateFileA call 403a63 1332->1334 1336 4058f7-4058fd 1333->1336 1334->1336 1336->1331
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00405905: CloseHandle.KERNELBASE(00000000,000000FF,004058A0,?,?,00000000), ref: 00405910
                                                                                                                                                                                • CreateFileW.KERNELBASE(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004058EF
                                                                                                                                                                                  • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                                • CreateFileA.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004058CB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFile$CloseH_prologHandle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 449569272-0
                                                                                                                                                                                • Opcode ID: 34b674e9a04a5ff3e8c8923f5916708bcc46c4f31befc859c171c75614de22e6
                                                                                                                                                                                • Instruction ID: 7cb04d8d1853a58e30318ad4c29bda14cf4b58fee7e46fc4002fe1391b6e6e2b
                                                                                                                                                                                • Opcode Fuzzy Hash: 34b674e9a04a5ff3e8c8923f5916708bcc46c4f31befc859c171c75614de22e6
                                                                                                                                                                                • Instruction Fuzzy Hash: 4F01287240020AFFCF11AFA4DC45C9B7F6AEF08364B10853AF991661A1D73699A1EF94
                                                                                                                                                                                Function 00404C29 Relevance: 3.0, APIs: 2, Instructions: 32fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00404965: SetFileAttributesA.KERNEL32(?,00000000,?,00000003,?,00000000), ref: 00404985
                                                                                                                                                                                • DeleteFileW.KERNELBASE(?,?,00404DF4,?,00000000,?,?,?,?,?,00000000), ref: 00404C68
                                                                                                                                                                                  • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                                • DeleteFileA.KERNEL32(00000000,?,00404DF4,?,00000000,?,?,?,?,?,00000000), ref: 00404C52
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$Delete$AttributesH_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2228796961-0
                                                                                                                                                                                • Opcode ID: 2a851ada320448840f081fdf09e03eccb137fd278eb5091bc1926aea873404c1
                                                                                                                                                                                • Instruction ID: 42beaf350199a5bd001275db4dd2e0c02934a82ca565cbb3bb09e1eddbc7cd64
                                                                                                                                                                                • Opcode Fuzzy Hash: 2a851ada320448840f081fdf09e03eccb137fd278eb5091bc1926aea873404c1
                                                                                                                                                                                • Instruction Fuzzy Hash: A9F0ECB5A0912067EF107B35AC05A9B3B594BC3314B12C17B9D11732E5EB388E06D6CD
                                                                                                                                                                                Function 00404965 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFileAttributesW.KERNELBASE(?,00000000,?,00000003,?,00000000), ref: 0040499C
                                                                                                                                                                                  • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000,?,00000003,?,00000000), ref: 00404985
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AttributesFile$H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3790360811-0
                                                                                                                                                                                • Opcode ID: 5366c93646a32060bc4a1fe11ea500c12b8b92d1211a98e2b8e7846322785de3
                                                                                                                                                                                • Instruction ID: f078d443d6654451da1bdd33dee3a4941b810ca2709c1c0422ffd448cadfd8b3
                                                                                                                                                                                • Opcode Fuzzy Hash: 5366c93646a32060bc4a1fe11ea500c12b8b92d1211a98e2b8e7846322785de3
                                                                                                                                                                                • Instruction Fuzzy Hash: 12E0E5B19002106BCB302B749C08AD73F6CCB82314B108177E816B72D0DA388E06C6D9
                                                                                                                                                                                Function 004049F4 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A2C
                                                                                                                                                                                  • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                                • CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateDirectory$H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2325068607-0
                                                                                                                                                                                • Opcode ID: a1e0d02f5bfc64bfc09281de4819c2c8931d1b3daee1640bd6a36795e0d5f738
                                                                                                                                                                                • Instruction ID: e8b418caba4fa0c83fd0f6cce2293bab18ef6c4fa53c548cc4c0ebfda5fe1645
                                                                                                                                                                                • Opcode Fuzzy Hash: a1e0d02f5bfc64bfc09281de4819c2c8931d1b3daee1640bd6a36795e0d5f738
                                                                                                                                                                                • Instruction Fuzzy Hash: 3CE0E570B002006BDB206B64AC05B977B68CB41709F104176E902F71D0DA78DE01DA9C
                                                                                                                                                                                Function 004157C8 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • HeapCreate.KERNELBASE(00000000,00001000,00000000,00414932,00000001), ref: 004157D9
                                                                                                                                                                                  • Part of subcall function 00415680: GetVersionExA.KERNEL32 ref: 0041569F
                                                                                                                                                                                • HeapDestroy.KERNEL32 ref: 00415818
                                                                                                                                                                                  • Part of subcall function 00415825: HeapAlloc.KERNEL32(00000000,00000140,00415801,000003F8), ref: 00415832
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2507506473-0
                                                                                                                                                                                • Opcode ID: 0d18dfc85a1640e6673d81f03e6c6359104a03ea7de3319d0e450716895a192f
                                                                                                                                                                                • Instruction ID: ed3d0d0d9fb025b00032fbfed5580f0a7fafafb3549905f7ec75d8b7e0a93aa3
                                                                                                                                                                                • Opcode Fuzzy Hash: 0d18dfc85a1640e6673d81f03e6c6359104a03ea7de3319d0e450716895a192f
                                                                                                                                                                                • Instruction Fuzzy Hash: 6CF06530A54B01EEDF207B706C867EA2B90EB84795F60483BF401D81A0EB7884D1D659
                                                                                                                                                                                Function 00405970 Relevance: 3.0, APIs: 2, Instructions: 30COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFilePointer.KERNELBASE(?,?,?,?), ref: 0040598B
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?), ref: 00405999
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2976181284-0
                                                                                                                                                                                • Opcode ID: 4eb004f5f0e538f15da8fb4a4b1192dc0e26d9ca4b62000b247bbe798b79ae76
                                                                                                                                                                                • Instruction ID: b27308c8a3af6e3091502473baf333c9532b4c6e1f366657fcb3ad1a7c3590d9
                                                                                                                                                                                • Opcode Fuzzy Hash: 4eb004f5f0e538f15da8fb4a4b1192dc0e26d9ca4b62000b247bbe798b79ae76
                                                                                                                                                                                • Instruction Fuzzy Hash: 93F0B7B4500208EFDF04CF94D9458AE7BB5EF49364B208169F815E7390D7359E00DFA9
                                                                                                                                                                                Function 004055C0 Relevance: 3.0, APIs: 2, Instructions: 29fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindNextFileA.KERNEL32(000000FF,?), ref: 004055DB
                                                                                                                                                                                  • Part of subcall function 0040551C: __EH_prolog.LIBCMT ref: 00405521
                                                                                                                                                                                • FindNextFileW.KERNELBASE(000000FF,?), ref: 004055FE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFindNext$H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 524997802-0
                                                                                                                                                                                • Opcode ID: 26f81b83f3e3a567db28d78fc237f9a2291a4ac5dbec3a4cffcc7580e78677c1
                                                                                                                                                                                • Instruction ID: f88545c4c3033384066cb33420412ee943e7b897f65897311185cc0eb0e0c251
                                                                                                                                                                                • Opcode Fuzzy Hash: 26f81b83f3e3a567db28d78fc237f9a2291a4ac5dbec3a4cffcc7580e78677c1
                                                                                                                                                                                • Instruction Fuzzy Hash: 8DF0B430500508ABDF20EF21CC44BFF3768EB51308F5040B6D408A21A0E7399D49CF9D
                                                                                                                                                                                Function 004049AF Relevance: 3.0, APIs: 2, Instructions: 28COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RemoveDirectoryW.KERNELBASE(?,00000003,?,00000000), ref: 004049E2
                                                                                                                                                                                  • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                                • RemoveDirectoryA.KERNEL32(00000000,?,00000003,?,00000000), ref: 004049CB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DirectoryRemove$H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2658828398-0
                                                                                                                                                                                • Opcode ID: 201279a7814ea4a167199a037cedd6b46e8dfc642ab05cbb30dc3898fd1609e1
                                                                                                                                                                                • Instruction ID: 4961395adc401f2522103f4a6ac6059727e4e6f3804ef102d625a61c1e6559d1
                                                                                                                                                                                • Opcode Fuzzy Hash: 201279a7814ea4a167199a037cedd6b46e8dfc642ab05cbb30dc3898fd1609e1
                                                                                                                                                                                • Instruction Fuzzy Hash: 82E092B4A001046BDF106B35AC0669B7BA8DB41359B10427ADD13B61E1DA788E05DAD8
                                                                                                                                                                                Function 00404F2C Relevance: 3.0, APIs: 2, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,?,00000000), ref: 00404F62
                                                                                                                                                                                  • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                                • SetCurrentDirectoryA.KERNEL32(00000000,00000000,?,00000000), ref: 00404F48
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CurrentDirectory$H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3531555294-0
                                                                                                                                                                                • Opcode ID: 37bd0973ac103fd303293487a19168a5ccebfcf95a8c4f288a103cb7951a30b5
                                                                                                                                                                                • Instruction ID: 9edf083e53dd0555a3085cbe496080ff7240eda39e21aa363a26468641b3ea5b
                                                                                                                                                                                • Opcode Fuzzy Hash: 37bd0973ac103fd303293487a19168a5ccebfcf95a8c4f288a103cb7951a30b5
                                                                                                                                                                                • Instruction Fuzzy Hash: 75E02630B400093FDF112F78EC4A9AA3BB89B40309F10427AB403E20E1EF38CA48CA48
                                                                                                                                                                                Function 0040B98F Relevance: 2.0, APIs: 1, Instructions: 515COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: cd42e75f15424c8af18106250452f4885b0baa65a0e8b2ba487a57b218ddcc9e
                                                                                                                                                                                • Instruction ID: 4fbed39282daa38b1d3be95d0829f5567439209fdd6a1d56e89862dfcbe45c3a
                                                                                                                                                                                • Opcode Fuzzy Hash: cd42e75f15424c8af18106250452f4885b0baa65a0e8b2ba487a57b218ddcc9e
                                                                                                                                                                                • Instruction Fuzzy Hash: 05324B70904249DFDB10DFA8C584BDEBBB0AF58304F1441AEE845B7382DB78AE45CB99
                                                                                                                                                                                Function 0040EB99 Relevance: 2.0, APIs: 1, Instructions: 500COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040EB9E
                                                                                                                                                                                  • Part of subcall function 0040E770: __EH_prolog.LIBCMT ref: 0040E775
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 93af7643a127ff2c8fcf7066a9c121e1979c0be22eb581a0e33d5eb75e035ebc
                                                                                                                                                                                • Instruction ID: 765616d13d330a71392781af4293cea344630bd2be9376268a28767dce44cac6
                                                                                                                                                                                • Opcode Fuzzy Hash: 93af7643a127ff2c8fcf7066a9c121e1979c0be22eb581a0e33d5eb75e035ebc
                                                                                                                                                                                • Instruction Fuzzy Hash: F6325C70900249DFCB24DFA5C880BEEBBB5BF55308F14847ED549B7282DB386A89CB55
                                                                                                                                                                                Function 0040888F Relevance: 1.9, APIs: 1, Instructions: 374COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: f8f61f009d3daf8c2db6a732b574bcd6eafb3dea196858b7c2c201f5376d76a6
                                                                                                                                                                                • Instruction ID: dff2ad87a4df39db6f8fa6ff6a697358cee08fb6a23258ae47e5232e80a59da3
                                                                                                                                                                                • Opcode Fuzzy Hash: f8f61f009d3daf8c2db6a732b574bcd6eafb3dea196858b7c2c201f5376d76a6
                                                                                                                                                                                • Instruction Fuzzy Hash: FFE16E70904249DFDF10DFA4C988AAEBBB4AF48314F2444AEE556F7391CB389E45CB25
                                                                                                                                                                                Function 0040E7F4 Relevance: 1.8, APIs: 1, Instructions: 255COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040E7F9
                                                                                                                                                                                  • Part of subcall function 0040F836: __EH_prolog.LIBCMT ref: 0040F83B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 5841a615c09fbf76ed58d62a3638dd8cdf9950ce0f1466596aae37ec2b58234a
                                                                                                                                                                                • Instruction ID: 639e188e3e769c4c76ba7ddc7be71c767d86a570cac8f7036ff280b2304c1e48
                                                                                                                                                                                • Opcode Fuzzy Hash: 5841a615c09fbf76ed58d62a3638dd8cdf9950ce0f1466596aae37ec2b58234a
                                                                                                                                                                                • Instruction Fuzzy Hash: 5DC13670900259DFDB14DFA5C985BDEBBB4BF14308F1480AEE945B7282CB786A48CF65
                                                                                                                                                                                Function 0040F449 Relevance: 1.7, APIs: 1, Instructions: 207COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 9b629b237c488f6570121b27c448209f08593b0ec605445137fe85d2b2ac4caf
                                                                                                                                                                                • Instruction ID: 37dc011919f3b1358f9a833e213d0996983958fb9ee029613f358e4c9ba25a45
                                                                                                                                                                                • Opcode Fuzzy Hash: 9b629b237c488f6570121b27c448209f08593b0ec605445137fe85d2b2ac4caf
                                                                                                                                                                                • Instruction Fuzzy Hash: 3C815C70E00605ABCB24DFA5C881AEEFBB1BF48304F14453EE445B3791D739A949CB99
                                                                                                                                                                                Function 00408D5E Relevance: 1.7, APIs: 1, Instructions: 151COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00408D63
                                                                                                                                                                                  • Part of subcall function 00408F0B: __EH_prolog.LIBCMT ref: 00408F10
                                                                                                                                                                                  • Part of subcall function 00402635: __EH_prolog.LIBCMT ref: 0040263A
                                                                                                                                                                                  • Part of subcall function 00403981: __EH_prolog.LIBCMT ref: 00403986
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 36b5e3166ca3b1f8d5db55dd221efd9f49157a8127f57c891b42a07ad2a5d75a
                                                                                                                                                                                • Instruction ID: 2e5fef73c4a961ecd91826de13bda49669b7ee5ae1afd1ab178ba291f64b6413
                                                                                                                                                                                • Opcode Fuzzy Hash: 36b5e3166ca3b1f8d5db55dd221efd9f49157a8127f57c891b42a07ad2a5d75a
                                                                                                                                                                                • Instruction Fuzzy Hash: E5516D7190060AEFCF11DFA5C984A9EBBB4BF08314F10462EE556B72D1CB789A45CFA4
                                                                                                                                                                                Function 0040DB62 Relevance: 1.6, APIs: 1, Instructions: 146COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 6102bc3ab49ae424949eee4761875b821dd30f392df23a536a372274e60046df
                                                                                                                                                                                • Instruction ID: 67e57bbcfb5e62c28ba97e2c762051c7e2fb602a8ee489b014dcb5d1e96c76cd
                                                                                                                                                                                • Opcode Fuzzy Hash: 6102bc3ab49ae424949eee4761875b821dd30f392df23a536a372274e60046df
                                                                                                                                                                                • Instruction Fuzzy Hash: DA419EB1E042059BEB14DF99C985ABEB7B5FF48304F14453EE402B7381D7B8A945CBA8
                                                                                                                                                                                Function 0040CD84 Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 305c79b04e93cb02db0d94eb430663c97d837b050eba01e1428f85ec3b32050d
                                                                                                                                                                                • Instruction ID: 716710645470f9cf712b82a1641bf3e3a23618a4fc30be00c3c641d866b01c52
                                                                                                                                                                                • Opcode Fuzzy Hash: 305c79b04e93cb02db0d94eb430663c97d837b050eba01e1428f85ec3b32050d
                                                                                                                                                                                • Instruction Fuzzy Hash: 3151C531804146DFCB15CB68C4D4AEE7771EF48348F14827BE8167B2D2D6399A06DBEA
                                                                                                                                                                                Function 00401B11 Relevance: 1.6, APIs: 1, Instructions: 132COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 4a7b8dc75b00dab3078b6f2c0b685c16519ae0cc3006f02a661cb725d39e4b70
                                                                                                                                                                                • Instruction ID: dc66995ee082b2e59fd72de07b50a9d1ecefa8465c91578acc64d6d85ae5b981
                                                                                                                                                                                • Opcode Fuzzy Hash: 4a7b8dc75b00dab3078b6f2c0b685c16519ae0cc3006f02a661cb725d39e4b70
                                                                                                                                                                                • Instruction Fuzzy Hash: 7A51D071C042499FDF21DFA4C940BEEBBB4AF05394F14416AE851732E2E7789A41CB68
                                                                                                                                                                                Function 00402EFE Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00402F03
                                                                                                                                                                                  • Part of subcall function 0040335F: __EH_prolog.LIBCMT ref: 00403364
                                                                                                                                                                                  • Part of subcall function 004034CC: __EH_prolog.LIBCMT ref: 004034D1
                                                                                                                                                                                  • Part of subcall function 00403086: __EH_prolog.LIBCMT ref: 0040308B
                                                                                                                                                                                  • Part of subcall function 00403086: ShowWindow.USER32(004149B4,00000001,000001F4,00000000,?,?,00000000,00000003,00000000,00000000), ref: 004030E4
                                                                                                                                                                                  • Part of subcall function 00412FB0: CloseHandle.KERNEL32(00000000,00000000,0040301E,?,?,00000000,00000003,?,00000000,?,?,00000003,00000000,00000000), ref: 00412FBA
                                                                                                                                                                                  • Part of subcall function 00412FB0: GetLastError.KERNEL32(?,00000003,00000000,00000000), ref: 00412FC4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog$CloseErrorHandleLastShowWindow
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2740091781-0
                                                                                                                                                                                • Opcode ID: ff6c4989fb19675ef68ca375956eee5ae4812e1b4eacc71139d8660287abfd78
                                                                                                                                                                                • Instruction ID: 576321bfec054c9ee934bf83a6d4a944d332aa9064831fab6676e01313dc7821
                                                                                                                                                                                • Opcode Fuzzy Hash: ff6c4989fb19675ef68ca375956eee5ae4812e1b4eacc71139d8660287abfd78
                                                                                                                                                                                • Instruction Fuzzy Hash: FF419C71900248DBCB11EFA5C991AEDBBB4AF04304F1080BFE90AB72D2DA785B45CB59
                                                                                                                                                                                Function 0040C557 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 039900a8d840d8f65cf18cf377fd5bff5d9e595a8fad608146d0eb9be483e555
                                                                                                                                                                                • Instruction ID: 41554ca9dc53ee1e5d6d797d633c48513fe02739bc2a4d97afccdd4c6a3ff44e
                                                                                                                                                                                • Opcode Fuzzy Hash: 039900a8d840d8f65cf18cf377fd5bff5d9e595a8fad608146d0eb9be483e555
                                                                                                                                                                                • Instruction Fuzzy Hash: 89416C71A00645DFCB24CF68C48486ABBF1FF48314B244AAED096AB791C731ED46CF91
                                                                                                                                                                                Function 0040CF82 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040CF87
                                                                                                                                                                                  • Part of subcall function 0040F6E0: __EH_prolog.LIBCMT ref: 0040F6E5
                                                                                                                                                                                  • Part of subcall function 0040D0A6: __EH_prolog.LIBCMT ref: 0040D0AB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 247e6e783af1532b670e604df5ee4666ee67329ca8b2db34e45a1f618534d241
                                                                                                                                                                                • Instruction ID: 59bb91874275df73172cd70bf395014d1b371f9bee4586dc4e729df687399cc5
                                                                                                                                                                                • Opcode Fuzzy Hash: 247e6e783af1532b670e604df5ee4666ee67329ca8b2db34e45a1f618534d241
                                                                                                                                                                                • Instruction Fuzzy Hash: 87319630D01248DFCB11DFA9C548BEDBBB5AF15308F14406EE8457B381C7789A49DB66
                                                                                                                                                                                Function 00404C7B Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00404C80
                                                                                                                                                                                  • Part of subcall function 0040538E: __EH_prolog.LIBCMT ref: 00405393
                                                                                                                                                                                  • Part of subcall function 00404D9D: __EH_prolog.LIBCMT ref: 00404DA2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 6dc72206bd245cafb2647911a64ba6ec257f94c4ecccb129c79ed8e8911a3498
                                                                                                                                                                                • Instruction ID: 0660a226a4e50fecb0653b81f11b46c6c2fd203e4307a3c605ba457459dc5c86
                                                                                                                                                                                • Opcode Fuzzy Hash: 6dc72206bd245cafb2647911a64ba6ec257f94c4ecccb129c79ed8e8911a3498
                                                                                                                                                                                • Instruction Fuzzy Hash: C1318F75900208AADF05FBB5E8426EEBB75AF81318F10403FE452332D2DA781B46DE59
                                                                                                                                                                                Function 004061BF Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: d9c1e9faec99e7b1998a2bc5187c2ef0ae2cb4fa0e200bb6f77322db4a104a68
                                                                                                                                                                                • Instruction ID: a24cbab5944e5cd80d4d0b45cab95027a2511e7323fd1c0fe5e5f9bfcab47c11
                                                                                                                                                                                • Opcode Fuzzy Hash: d9c1e9faec99e7b1998a2bc5187c2ef0ae2cb4fa0e200bb6f77322db4a104a68
                                                                                                                                                                                • Instruction Fuzzy Hash: 97218F71A05246DBCB24FFA5C44046FB7A1AB4130472285BFE053772C1C738AE61CB6A
                                                                                                                                                                                Function 00413C73 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 00413D5A
                                                                                                                                                                                  • Part of subcall function 004154DA: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415517
                                                                                                                                                                                  • Part of subcall function 004154DA: EnterCriticalSection.KERNEL32(?,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415532
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1616793339-0
                                                                                                                                                                                • Opcode ID: cdeed90e400f99c9328ec8b59033d7a90e074e0a5ab5361bfbc3574a04fde8a1
                                                                                                                                                                                • Instruction ID: 026ee179866774db734838c78619ddc809868a86b22b68076f663e2312d1f49b
                                                                                                                                                                                • Opcode Fuzzy Hash: cdeed90e400f99c9328ec8b59033d7a90e074e0a5ab5361bfbc3574a04fde8a1
                                                                                                                                                                                • Instruction Fuzzy Hash: D4219772A00605EBDB10DF69EC42BDA7764FB00765F20411BF421EB6D0D77CAAC28A9C
                                                                                                                                                                                Function 00413D6F Relevance: 1.6, APIs: 1, Instructions: 75memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,00000000,?,00000000,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074), ref: 00413E43
                                                                                                                                                                                  • Part of subcall function 004154DA: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415517
                                                                                                                                                                                  • Part of subcall function 004154DA: EnterCriticalSection.KERNEL32(?,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415532
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterFreeHeapInitialize
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 641406236-0
                                                                                                                                                                                • Opcode ID: 841176424f551508ca039d1f5d574a0052902f767b8dc575c65ddda1a9f22b4e
                                                                                                                                                                                • Instruction ID: 5a14261a50f2f4ae8fe925cd7ff68077a924e970bbdc1eb83d0c2eed9fb11c58
                                                                                                                                                                                • Opcode Fuzzy Hash: 841176424f551508ca039d1f5d574a0052902f767b8dc575c65ddda1a9f22b4e
                                                                                                                                                                                • Instruction Fuzzy Hash: 2421C272901705FADB10AF96DC02BDE7BB8EB04725F24012BF414B21C0D77C9AC08AA9
                                                                                                                                                                                Function 004052CF Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004052D4
                                                                                                                                                                                  • Part of subcall function 004050EE: __EH_prolog.LIBCMT ref: 004050F3
                                                                                                                                                                                  • Part of subcall function 004050EE: GetTempPathA.KERNEL32(00000105,?,00000000,?,00000000), ref: 00405127
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog$PathTemp
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3652545363-0
                                                                                                                                                                                • Opcode ID: 1ef5fa40e20091595c8a07c7add8e04f0ea87ba7b14c6b9ab7bd2a47fc7370d7
                                                                                                                                                                                • Instruction ID: 884fa5787797a708672a5e156f09df22a5f972d3b51e26f7068c24b8b673b68a
                                                                                                                                                                                • Opcode Fuzzy Hash: 1ef5fa40e20091595c8a07c7add8e04f0ea87ba7b14c6b9ab7bd2a47fc7370d7
                                                                                                                                                                                • Instruction Fuzzy Hash: 5211A3759401059ACF00EFA5C552AEFBBB8EF95348F14402FE841732D1C7B90A49DE54
                                                                                                                                                                                Function 00409DFC Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00409E01
                                                                                                                                                                                  • Part of subcall function 004099F1: __EH_prolog.LIBCMT ref: 004099F6
                                                                                                                                                                                  • Part of subcall function 00409A39: __EH_prolog.LIBCMT ref: 00409A3E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: e2be988a2ed4eac1d18d94ffb3dcbee280352d40f72ce7d9b7b55f505c73744e
                                                                                                                                                                                • Instruction ID: 728224cdcdeea9a50de84ff331f734dd83e0a6071a74e90d77f9a4778d081c57
                                                                                                                                                                                • Opcode Fuzzy Hash: e2be988a2ed4eac1d18d94ffb3dcbee280352d40f72ce7d9b7b55f505c73744e
                                                                                                                                                                                • Instruction Fuzzy Hash: 931182B0A01254DADB09EBAAC1153DDFBF59FA1318F54415F9552732C2CBF82B0487A6
                                                                                                                                                                                Function 00409070 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00409075
                                                                                                                                                                                  • Part of subcall function 00402635: __EH_prolog.LIBCMT ref: 0040263A
                                                                                                                                                                                  • Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625
                                                                                                                                                                                  • Part of subcall function 00413B0D: RaiseException.KERNEL32(00000003,00000000,00000003,?,00000003,?,00000003,00000000,00000000,00401055,00000003,?,00000000), ref: 00413B3B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog$ExceptionRaise
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2062786585-0
                                                                                                                                                                                • Opcode ID: 17dae63e629c91cb1e915b62325b494edd8ae92648c1e9e6482c4593510b450f
                                                                                                                                                                                • Instruction ID: c87fc69b1ce411278b5c4cd36917e57d7785db396d8ca4da128de4c157d2198f
                                                                                                                                                                                • Opcode Fuzzy Hash: 17dae63e629c91cb1e915b62325b494edd8ae92648c1e9e6482c4593510b450f
                                                                                                                                                                                • Instruction Fuzzy Hash: 1601D2B5A402049ECB10EF26C451ADEBBB1FF84314F10852FE896A32E1CB796649CB54
                                                                                                                                                                                Function 00404D9D Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00404DA2
                                                                                                                                                                                  • Part of subcall function 00402635: __EH_prolog.LIBCMT ref: 0040263A
                                                                                                                                                                                  • Part of subcall function 00404C7B: __EH_prolog.LIBCMT ref: 00404C80
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 18405f4c0d880bec3e922aa4c9b5ff5099531c36fa8d11a3d65d4747df157ff4
                                                                                                                                                                                • Instruction ID: c12cd56ed1da6f8f3309a170c4af404c99ee060c25f5595f7f47df5e0c6ff15a
                                                                                                                                                                                • Opcode Fuzzy Hash: 18405f4c0d880bec3e922aa4c9b5ff5099531c36fa8d11a3d65d4747df157ff4
                                                                                                                                                                                • Instruction Fuzzy Hash: 8701F2B2904004DFCB09EF54D952BEDBB70AF59308F00402EE102772E2CB794B4ADA58
                                                                                                                                                                                Function 004027A7 Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004027AC
                                                                                                                                                                                  • Part of subcall function 004049F4: CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateDirectoryH_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3554458247-0
                                                                                                                                                                                • Opcode ID: 1d6ed87279fcce4dfaa36ce39d8da3d177537eb6a1ece7d61f11b0fb4062048b
                                                                                                                                                                                • Instruction ID: aa96bd448e9fa33173a2259148c0e22656dcd3e9b7c7d25cba760d9f6e75f00f
                                                                                                                                                                                • Opcode Fuzzy Hash: 1d6ed87279fcce4dfaa36ce39d8da3d177537eb6a1ece7d61f11b0fb4062048b
                                                                                                                                                                                • Instruction Fuzzy Hash: 55F03C729005069BCB05EB5AC8429EEBBB5EF94308F10403FE152775E2DA786986DB94
                                                                                                                                                                                Function 00406297 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040629C
                                                                                                                                                                                  • Part of subcall function 004061BF: __EH_prolog.LIBCMT ref: 004061C4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 6c2e6a82ad44a3596cf000a5615c5b739901b0aaac1cec813de11ba17f646bcd
                                                                                                                                                                                • Instruction ID: d002f29cd99a7d9c36b9a014c837f136803fcb54798139eb5382dd41199f51d8
                                                                                                                                                                                • Opcode Fuzzy Hash: 6c2e6a82ad44a3596cf000a5615c5b739901b0aaac1cec813de11ba17f646bcd
                                                                                                                                                                                • Instruction Fuzzy Hash: 2BF03A72A00218EFDB15DF94CC01BEEB779FB48315F10816AB422E72D0C7798A10CB14
                                                                                                                                                                                Function 0040C96C Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040C971
                                                                                                                                                                                  • Part of subcall function 0040C9E3: __EH_prolog.LIBCMT ref: 0040C9E8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 97d13476a1578dbbb8b7321e23e8bd518515a52fd3c7649a69e8943f484a5e8b
                                                                                                                                                                                • Instruction ID: 180fbe891bab88941c19a906eef3a01802dada044b7360aafa1ebd8752043cfb
                                                                                                                                                                                • Opcode Fuzzy Hash: 97d13476a1578dbbb8b7321e23e8bd518515a52fd3c7649a69e8943f484a5e8b
                                                                                                                                                                                • Instruction Fuzzy Hash: 66F0FCB0911640DEC719EB74D1153DDFBB4AF55308F50419E9956736C2CFB81708C765
                                                                                                                                                                                Function 0040F7B7 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: bb90e7ebcb29319b03c6d5e4323d4cb4f67b34d85f0d0dd44e1e80a271162d10
                                                                                                                                                                                • Instruction ID: ac64c31c834abe54e412618b162bf05c7167bd146dfe5a37d1803cc4d2d3be92
                                                                                                                                                                                • Opcode Fuzzy Hash: bb90e7ebcb29319b03c6d5e4323d4cb4f67b34d85f0d0dd44e1e80a271162d10
                                                                                                                                                                                • Instruction Fuzzy Hash: 94E012B1A00155ABCB58EF69D80669DBAA5AB09318F10863FB026F36C1DB784A418B59
                                                                                                                                                                                Function 00405BFB Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00405C13
                                                                                                                                                                                  • Part of subcall function 00413B0D: RaiseException.KERNEL32(00000003,00000000,00000003,?,00000003,?,00000003,00000000,00000000,00401055,00000003,?,00000000), ref: 00413B3B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocExceptionRaiseString
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1415472724-0
                                                                                                                                                                                • Opcode ID: 585828f0663470c28d012fa7c31560623ec32af21cf032640c5ea50ac41654d0
                                                                                                                                                                                • Instruction ID: bf266c775eafc0cd132ea201270a7534faa964ceb55315cc87c56e89072e7831
                                                                                                                                                                                • Opcode Fuzzy Hash: 585828f0663470c28d012fa7c31560623ec32af21cf032640c5ea50ac41654d0
                                                                                                                                                                                • Instruction Fuzzy Hash: B7E06D32200708A7CB20AF65D84198B7BE8FF00385B10C43FF949DA240E779E9808BD8
                                                                                                                                                                                Function 00405800 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00405805
                                                                                                                                                                                  • Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: d031f65d966fd76414b5e485b8cf5b0e5999cd66b44c505832369a9b765ef076
                                                                                                                                                                                • Instruction ID: a0f610f1b5e032532ed1cec3649959bf66a41b4e8af70f58d5593db508bcf515
                                                                                                                                                                                • Opcode Fuzzy Hash: d031f65d966fd76414b5e485b8cf5b0e5999cd66b44c505832369a9b765ef076
                                                                                                                                                                                • Instruction Fuzzy Hash: 46E04FB3D410049ACB05EB65E9527EDB378EF61319F50407FE412735D18B381F09CA58
                                                                                                                                                                                Function 00405B29 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00405B4C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileWrite
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                                                • Opcode ID: f685ec6030a7cae57bc9182c2f64f11e19c4f82e6ad9756b6e5eb0af141a467c
                                                                                                                                                                                • Instruction ID: fda623b9c22c7fd134ddab0a411968f0e63156441233f4ee367e8c40c556ab77
                                                                                                                                                                                • Opcode Fuzzy Hash: f685ec6030a7cae57bc9182c2f64f11e19c4f82e6ad9756b6e5eb0af141a467c
                                                                                                                                                                                • Instruction Fuzzy Hash: 17E0E575640208FBCB11CFA5C801B8E7BF9EB08354F20C169F914AA260D739EA11DF54
                                                                                                                                                                                Function 0040C931 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040C936
                                                                                                                                                                                  • Part of subcall function 0040C96C: __EH_prolog.LIBCMT ref: 0040C971
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 2f93a48584fc243b76bceec8380402125645ced17a7c1bf7a60211c0ce45116c
                                                                                                                                                                                • Instruction ID: 8adf79bcf0a25fb823e60414124b99f072840e3085735b9c49c9779a3d641231
                                                                                                                                                                                • Opcode Fuzzy Hash: 2f93a48584fc243b76bceec8380402125645ced17a7c1bf7a60211c0ce45116c
                                                                                                                                                                                • Instruction Fuzzy Hash: 6EE01A71811620EBC724EF58C4456DEB7B4EF08725F00875EA4E6B36D1C7B8AE40CB94
                                                                                                                                                                                Function 004147B4 Relevance: 1.5, APIs: 1, Instructions: 20threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExitThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2158977761-0
                                                                                                                                                                                • Opcode ID: 6c939c18724e7789034020813005a1b29b75e21fb5f5d6c1b381c2503cc8d902
                                                                                                                                                                                • Instruction ID: 835638d51d7e690d80ddf8f11569568d1c7a5f433119f1d0283a2071334468ba
                                                                                                                                                                                • Opcode Fuzzy Hash: 6c939c18724e7789034020813005a1b29b75e21fb5f5d6c1b381c2503cc8d902
                                                                                                                                                                                • Instruction Fuzzy Hash: CDE08C32900925AADB223BA1DC06AEE3620AF81394F00002BF8146A5A0DBA88CD186D9
                                                                                                                                                                                Function 0040F6E0 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 0040F6E5
                                                                                                                                                                                  • Part of subcall function 0040F449: __EH_prolog.LIBCMT ref: 0040F44E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 0c00a6b9b995e6d122d0d1e5645fdc19a4d57d2469026a55dc4bfd6035115874
                                                                                                                                                                                • Instruction ID: 32d4a89d334c2aba7f1f5d27adfa0c04a02a885b7174eb98eed18e47b0b867f7
                                                                                                                                                                                • Opcode Fuzzy Hash: 0c00a6b9b995e6d122d0d1e5645fdc19a4d57d2469026a55dc4bfd6035115874
                                                                                                                                                                                • Instruction Fuzzy Hash: 1DD012B2515104FBD7109F45D842BDEBBB8EB51369F10813BF00171540D37D5644966A
                                                                                                                                                                                Function 00405A1D Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ReadFile.KERNELBASE(000000FF,00000000,?,?,00000000,000000FF,?,00405A68,00000000,?,00000000,?,00405A8E,00000000,?,00000000), ref: 00405A33
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                • Opcode ID: 7899785fd51540d5028ce756fcdedcbfaef9db2fe3ec3db1f53401f618f66a8a
                                                                                                                                                                                • Instruction ID: 33e006b7c7266c94de2827aaddd493f3c8d551b448fa911b85e4ce9a1db514e9
                                                                                                                                                                                • Opcode Fuzzy Hash: 7899785fd51540d5028ce756fcdedcbfaef9db2fe3ec3db1f53401f618f66a8a
                                                                                                                                                                                • Instruction Fuzzy Hash: A4E0EC75200208FBCB01CF91CC05FCE7BB9FB49754F208058E90596160C375AA14EB54
                                                                                                                                                                                Function 004147BF Relevance: 1.5, APIs: 1, Instructions: 17threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExitThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2158977761-0
                                                                                                                                                                                • Opcode ID: 24773d02a99502e401f88b35345ffc50176b794b148236fecf9e645f2ac90187
                                                                                                                                                                                • Instruction ID: b4e95b568d212fcbc8e7df7edbfd3446e029e3f46d4ca6baaecf21535c38ed65
                                                                                                                                                                                • Opcode Fuzzy Hash: 24773d02a99502e401f88b35345ffc50176b794b148236fecf9e645f2ac90187
                                                                                                                                                                                • Instruction Fuzzy Hash: 2AD0A732600E25AAD6223771DC467EF2244AF81795B04012BF818895A0DFA8CDC145DD
                                                                                                                                                                                Function 004108E3 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: 3c414d0e598a2762300348070d52fddf76210b859c0463ac87f97a28b21ab5e3
                                                                                                                                                                                • Instruction ID: bd32bc9f3554b9ba336b28c43d9e2ad3a54d111b9d1e235f4c6b0d09c29f6621
                                                                                                                                                                                • Opcode Fuzzy Hash: 3c414d0e598a2762300348070d52fddf76210b859c0463ac87f97a28b21ab5e3
                                                                                                                                                                                • Instruction Fuzzy Hash: 2AD05BB1B001449BDB08EF75845179D77F4EB44304F10857FE016E37C1DB784A804619
                                                                                                                                                                                Function 00405414 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseFind
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1863332320-0
                                                                                                                                                                                • Opcode ID: f0ce2bef5821c107b9489e8e4dd061de71a9af92eaf728c2451e2811c290832d
                                                                                                                                                                                • Instruction ID: ad963fc5273d8b9d86916b47fb17bcd605870b12c06d71a74b716dd917e87850
                                                                                                                                                                                • Opcode Fuzzy Hash: f0ce2bef5821c107b9489e8e4dd061de71a9af92eaf728c2451e2811c290832d
                                                                                                                                                                                • Instruction Fuzzy Hash: D4D0123151453157CA641E7C7848AD333D99A1637537157AAF4B4D32E0D3749CC34A98
                                                                                                                                                                                Function 00405AFC Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFileTime.KERNELBASE(?,?,?,?,00405B26,00000000,00000000,?,00402E13,?), ref: 00405B0A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileTime
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1425588814-0
                                                                                                                                                                                • Opcode ID: 2b6a10e293fa4a8bd52839064a41e39e160aca85d3804aec240939be71bd967c
                                                                                                                                                                                • Instruction ID: 4beff7ba357006865f39a04876becaa9faf69e640e246345c6c1d8862761ec95
                                                                                                                                                                                • Opcode Fuzzy Hash: 2b6a10e293fa4a8bd52839064a41e39e160aca85d3804aec240939be71bd967c
                                                                                                                                                                                • Instruction Fuzzy Hash: 29C04C36159106FF8F120F70CC04D1ABFA2EF99311F10C958B165C5070C7328024EB52
                                                                                                                                                                                Function 00412FF0 Relevance: 1.3, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 0041468E: CreateThread.KERNELBASE(00000000,00000003,004146F9,00000000,00000000,?), ref: 004146CF
                                                                                                                                                                                  • Part of subcall function 0041468E: GetLastError.KERNEL32(?,?,?,00413009,00000000,00000000,004032CA,?,00000000,00000000,?,00402FAB,?,00000000,?), ref: 004146D9
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000003,00000000,00000000), ref: 00413018
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLast$CreateThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 665435222-0
                                                                                                                                                                                • Opcode ID: fdfffcc17890bcc66e85f81167f5a4f4e376ab203a2f001e3d39f9f51099ce04
                                                                                                                                                                                • Instruction ID: 8241f09584fde1b7b47d6c8a5a56a0c389c2bf5d01a37efb599b640c9bda9e89
                                                                                                                                                                                • Opcode Fuzzy Hash: fdfffcc17890bcc66e85f81167f5a4f4e376ab203a2f001e3d39f9f51099ce04
                                                                                                                                                                                • Instruction Fuzzy Hash: 4EE086B22042126AE310DF509C05FE76ADCDB94B05F00443EB944C6184EB64CA40C3A9
                                                                                                                                                                                Function 00405905 Relevance: 1.3, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CloseHandle.KERNELBASE(00000000,000000FF,004058A0,?,?,00000000), ref: 00405910
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                • Opcode ID: 9cbe10086181c6cf337a739c26a2519d1510d6718cc7d35307e3d92904545fb4
                                                                                                                                                                                • Instruction ID: c924a9121967eb2c43d42ee71539138ee39fbcc7c8c6d5ba34c486a20a6e0004
                                                                                                                                                                                • Opcode Fuzzy Hash: 9cbe10086181c6cf337a739c26a2519d1510d6718cc7d35307e3d92904545fb4
                                                                                                                                                                                • Instruction Fuzzy Hash: 93D0127151456197CE742E7C78445C337D8DA463303311B6BF4B0D32E0D3748D835A98
                                                                                                                                                                                Function 00410F40 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000,00020000,00001000,00000004,004103C8), ref: 00410F51
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                • Opcode ID: 91e70fcb83806e64083a323eb2e3944731c0f93bc5a264736d7e7e867113384b
                                                                                                                                                                                • Instruction ID: 07720a170ef6d50c918e2da5ca2fe5f7ddfb2e687cae5d42b3df39ad5892c3a5
                                                                                                                                                                                • Opcode Fuzzy Hash: 91e70fcb83806e64083a323eb2e3944731c0f93bc5a264736d7e7e867113384b
                                                                                                                                                                                • Instruction Fuzzy Hash: DDB012B039138075FF7843208C1FFE71200A340B87F0080A8BB05D81C4E7D064C0501C
                                                                                                                                                                                Function 00410F60 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualFree.KERNELBASE(?,00000000,00008000,0040664A,?,00406624), ref: 00410F6C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1263568516-0
                                                                                                                                                                                • Opcode ID: 1327e01bd96d07ee7a5a75ed87afd8ac78764046635013dfe708143c48cadece
                                                                                                                                                                                • Instruction ID: a132bef15ba7b425f1065e5a097c2bb543b957559febc4b94616fea76008790a
                                                                                                                                                                                • Opcode Fuzzy Hash: 1327e01bd96d07ee7a5a75ed87afd8ac78764046635013dfe708143c48cadece
                                                                                                                                                                                • Instruction Fuzzy Hash: 3BB0123424120031ED7807200C1AB5711005701701F10C1183102642C087D4B440450C

                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                Function 004180F0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,0041772A,?,Microsoft Visual C++ Runtime Library,00012010,?,0041BD34,?,0041BD84,?,?,?,Runtime Error!Program: ), ref: 00418102
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0041811A
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0041812B
                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00418138
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                                                                                • API String ID: 2238633743-4044615076
                                                                                                                                                                                • Opcode ID: 595171f737e70550edc5abd38f068ead7bf618b78638dd3ba3c6e0fb0d2712e4
                                                                                                                                                                                • Instruction ID: 415fa372477fd235fe75ca2ef0ffa9dc0df8c28a9075a0eab2fce08d3bc4b09a
                                                                                                                                                                                • Opcode Fuzzy Hash: 595171f737e70550edc5abd38f068ead7bf618b78638dd3ba3c6e0fb0d2712e4
                                                                                                                                                                                • Instruction Fuzzy Hash: F5012572700241BF87219FB5AD849DBBAE9EB49751354443FB504C2220DB7CC9C39B69
                                                                                                                                                                                Function 0040E38E Relevance: 1.7, APIs: 1, Instructions: 246COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3519838083-0
                                                                                                                                                                                • Opcode ID: ef3f0dd97c369c2370b5d413364e2112772f158c67037ae1847bc74799d93c78
                                                                                                                                                                                • Instruction ID: 6f1b27b05ce828494dcdc0ca2a3df983f9883c238a6bb878f092976797e95433
                                                                                                                                                                                • Opcode Fuzzy Hash: ef3f0dd97c369c2370b5d413364e2112772f158c67037ae1847bc74799d93c78
                                                                                                                                                                                • Instruction Fuzzy Hash: 68A1EB70E002099BCB18DF96C8919AEB7B2FF94318F14883FE915A7391D738AD52CB55
                                                                                                                                                                                Function 0041561A Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000155D4), ref: 0041561F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                • Opcode ID: c73d5215fbd9f9fa44ce3c8db65af6300706d886bcb472667e49ab47f89b2735
                                                                                                                                                                                • Instruction ID: 5929198a1c1d143ebb6d47ac1dc9c369120d6613942f0ebcbf50c4dd8c3cbf29
                                                                                                                                                                                • Opcode Fuzzy Hash: c73d5215fbd9f9fa44ce3c8db65af6300706d886bcb472667e49ab47f89b2735
                                                                                                                                                                                • Instruction Fuzzy Hash: 57A001B5A41605DA8A209F60A8095C5BE62A689B42B608166A811E5268DFB812419A69
                                                                                                                                                                                Function 0041562C Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 00415631
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                • Opcode ID: 80fdf592cfe35f6ca0a49e156fc06359dfcc477da488757324292bdf2a3d88f1
                                                                                                                                                                                • Instruction ID: 3aa75b883a8314cf8793ebdd48d7cbf343a2d53b1036c531b3b3a2656884bc9f
                                                                                                                                                                                • Opcode Fuzzy Hash: 80fdf592cfe35f6ca0a49e156fc06359dfcc477da488757324292bdf2a3d88f1
                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                Function 00412480 Relevance: .5, Instructions: 481COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                                                                                                                                • Instruction ID: f7c307c9948f0502eef9bcc932476d7ce99f20ff48e31f419bd1d6f291c9dace
                                                                                                                                                                                • Opcode Fuzzy Hash: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                                                                                                                                • Instruction Fuzzy Hash: BD023A72A042114BC71DCE18C6902B9BBE2FBD5350F110A3FE496D7A84D7B8D8E5CB99
                                                                                                                                                                                Function 00416076 Relevance: .3, Instructions: 259COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                                                                                                                                • Instruction ID: 6f6e9ae2f3605818a2c8e7767e34e4a9399a597c595f09bc79f2493b2d2310b3
                                                                                                                                                                                • Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                                                                                                                                • Instruction Fuzzy Hash: 3EB17C7590120ADFDB15CF04C5D0AE9BBA1FF58318F25C1AEC85A4B382C735EA86CB94
                                                                                                                                                                                Function 004039C8 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8b1b8b3e4e9aa519cc0883e8f2e9399227ae21cf5f78173f93e12a8e0ced7762
                                                                                                                                                                                • Instruction ID: 7f21fa5966f3e8744179bfb474c2758024c7c669c00a9d4920a80f5d7b425c19
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b1b8b3e4e9aa519cc0883e8f2e9399227ae21cf5f78173f93e12a8e0ced7762
                                                                                                                                                                                • Instruction Fuzzy Hash: D621427E370D0607A71C8B6AAD336B921D1E38430A7C8A03DE64BC53C1EE6DD595C60D
                                                                                                                                                                                Function 00418CC1 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
                                                                                                                                                                                • Instruction ID: 99a347de7b16eca0cbeab8721e5afb4e5ad46217b84f2e64c48f172e38bf97ef
                                                                                                                                                                                • Opcode Fuzzy Hash: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
                                                                                                                                                                                • Instruction Fuzzy Hash: 2B21C83290062547C702DE6DF4845A7F391FBD4369F134727ED8467291C629A854D6E0
                                                                                                                                                                                Function 00418D9B Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
                                                                                                                                                                                • Instruction ID: 71e75c779d64757812c6fa0593de5e91038406040dd0a6985e9d44633d38c26d
                                                                                                                                                                                • Opcode Fuzzy Hash: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
                                                                                                                                                                                • Instruction Fuzzy Hash: BC2137725105258BC701DF2DF4886B7B3E1FFD4319F638A3BD8818B1C1CA29D881D694
                                                                                                                                                                                Function 004185ED Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 177COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LCMapStringW.KERNEL32(00000000,00000100,0041BE00,00000001,00000000,00000000,7622E860,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 0041862F
                                                                                                                                                                                • LCMapStringA.KERNEL32(00000000,00000100,0041BDFC,00000001,00000000,00000000,?,?,0041848E,?,?,?,00000000,00000001), ref: 0041864B
                                                                                                                                                                                • LCMapStringA.KERNEL32(?,?,?,0041848E,?,?,7622E860,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 00418694
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,VB,?,0041848E,00000000,00000000,7622E860,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 004186CC
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,0041848E,?,00000000,?,?,0041848E,?), ref: 00418724
                                                                                                                                                                                • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,0041848E,?), ref: 0041873A
                                                                                                                                                                                • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,0041848E,?), ref: 0041876D
                                                                                                                                                                                • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,0041848E,?), ref: 004187D5
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: String$ByteCharMultiWide
                                                                                                                                                                                • String ID: VB
                                                                                                                                                                                • API String ID: 352835431-2416070386
                                                                                                                                                                                • Opcode ID: 003663a998c404720e509784b904756e9dc21287fecc91c3ae78f0538cf30181
                                                                                                                                                                                • Instruction ID: 75fdc42d4ca3b2d5695a32d80f34dcfea13c9c9e1b2be43f5f9a41df7731755a
                                                                                                                                                                                • Opcode Fuzzy Hash: 003663a998c404720e509784b904756e9dc21287fecc91c3ae78f0538cf30181
                                                                                                                                                                                • Instruction Fuzzy Hash: A6515F31900609EFCF218F65CC45EEF7FB5FB48754F20412AF925A12A0D7398991DBA9
                                                                                                                                                                                Function 004172DF Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 132COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 004172FA
                                                                                                                                                                                • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 0041730E
                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 0041733A
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0041496A), ref: 00417372
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0041496A), ref: 00417394
                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,0041496A), ref: 004173AD
                                                                                                                                                                                • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 004173C0
                                                                                                                                                                                • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004173FE
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                                                                                                                • String ID: jIA
                                                                                                                                                                                • API String ID: 1823725401-2590053038
                                                                                                                                                                                • Opcode ID: dcd9eacb03994a91aa73d6441958e3731b9086dbddb026e1bfa459d91ea586b1
                                                                                                                                                                                • Instruction ID: 8edd1d2af646b02ed721f394ba4169bf36ee68eca66066dd640126c456dfff16
                                                                                                                                                                                • Opcode Fuzzy Hash: dcd9eacb03994a91aa73d6441958e3731b9086dbddb026e1bfa459d91ea586b1
                                                                                                                                                                                • Instruction Fuzzy Hash: 7631D47250C219AFD7317F689C888FB7ABCE649354715053BFD66C3201E6288CC1E2AD
                                                                                                                                                                                Function 00417606 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 00417673
                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F4,0041BD34,00000000,00000000,00000000,?), ref: 00417749
                                                                                                                                                                                • WriteFile.KERNEL32(00000000), ref: 00417750
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$HandleModuleNameWrite
                                                                                                                                                                                • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $x*B
                                                                                                                                                                                • API String ID: 3784150691-2083536112
                                                                                                                                                                                • Opcode ID: 9f3ee68eedca8c04870b7c4ba6519361572a149120d3a6d5458ca0bba870cf42
                                                                                                                                                                                • Instruction ID: d3223577c50248063a34d8f4d7298abe086d5d3d0ee639c6b3bd3f24b9ad2996
                                                                                                                                                                                • Opcode Fuzzy Hash: 9f3ee68eedca8c04870b7c4ba6519361572a149120d3a6d5458ca0bba870cf42
                                                                                                                                                                                • Instruction Fuzzy Hash: 5931D2726002186FDF20DA60DD46FDA377DEF89304F5005ABF544D6181EB78AAC48B5D
                                                                                                                                                                                Function 0041883C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetStringTypeW.KERNEL32(00000001,0041BE00,00000001,?,7622E860,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 0041887B
                                                                                                                                                                                • GetStringTypeA.KERNEL32(00000000,00000001,0041BDFC,00000001,?,?,0041848E,?,?,?,00000000,00000001), ref: 00418895
                                                                                                                                                                                • GetStringTypeA.KERNEL32(?,?,?,?,0041848E,7622E860,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 004188C9
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,VB,?,?,00000000,00000000,7622E860,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 00418901
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,0041848E,?), ref: 00418957
                                                                                                                                                                                • GetStringTypeW.KERNEL32(?,?,00000000,0041848E,?,?,?,?,?,?,0041848E,?), ref: 00418969
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: StringType$ByteCharMultiWide
                                                                                                                                                                                • String ID: VB
                                                                                                                                                                                • API String ID: 3852931651-2416070386
                                                                                                                                                                                • Opcode ID: f366ae1a1c4feb3856e7e49d67d86268e533ee02966d98845c911f14f75699a6
                                                                                                                                                                                • Instruction ID: 0deb4df31157d4fbbd2276260d368b45192e758527c12e7bc8b96f729eb23429
                                                                                                                                                                                • Opcode Fuzzy Hash: f366ae1a1c4feb3856e7e49d67d86268e533ee02966d98845c911f14f75699a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 85418FB2A00209BFCF209F94DC86EEF7F79EB08754F10452AF915D2250C7389991DB99
                                                                                                                                                                                Function 00417411 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetStartupInfoA.KERNEL32(?), ref: 0041746F
                                                                                                                                                                                • GetFileType.KERNEL32(?,?,00000000), ref: 0041751A
                                                                                                                                                                                • GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 0041757D
                                                                                                                                                                                • GetFileType.KERNEL32(00000000,?,00000000), ref: 0041758B
                                                                                                                                                                                • SetHandleCount.KERNEL32 ref: 004175C2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileHandleType$CountInfoStartup
                                                                                                                                                                                • String ID: $YB
                                                                                                                                                                                • API String ID: 1710529072-867103119
                                                                                                                                                                                • Opcode ID: 0f20f78b1d243ceb825b791af9b59c2038ed572102f9f62c4ccf998fd163e942
                                                                                                                                                                                • Instruction ID: 9157860cf2e7af3a35f89051d0ae9de0bf945cd889ae2d4a6076f2c4651d7c80
                                                                                                                                                                                • Opcode Fuzzy Hash: 0f20f78b1d243ceb825b791af9b59c2038ed572102f9f62c4ccf998fd163e942
                                                                                                                                                                                • Instruction Fuzzy Hash: B75135716086019FC720CF28D8897B63BB1EB05338F64466EC566CB6E0DB38C986C75D
                                                                                                                                                                                Function 00415680 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetVersionExA.KERNEL32 ref: 0041569F
                                                                                                                                                                                • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 004156D4
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00415734
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                                                                                                                • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                                                                                                                • API String ID: 1385375860-4131005785
                                                                                                                                                                                • Opcode ID: 352f7edc9f3896d13c070371f2d33d0b51665e116eb32c5a0d287e401f1eefe3
                                                                                                                                                                                • Instruction ID: 6eb182bd46f731c3af8b1d07a07b8df2d0194a1b299ff80343aa6f034c3c884c
                                                                                                                                                                                • Opcode Fuzzy Hash: 352f7edc9f3896d13c070371f2d33d0b51665e116eb32c5a0d287e401f1eefe3
                                                                                                                                                                                • Instruction Fuzzy Hash: 56312671945648EDEB3186706C87BDF3B788B46704F6400DBD199D52C2E6398ECA8B2D
                                                                                                                                                                                Function 00403A90 Relevance: 7.6, APIs: 5, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CharUpperW.USER32(00000000,00000000,?,00000000,00000000,?,00403B58), ref: 00403AAB
                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,00403B58), ref: 00403AB7
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,?,00000004,00000000,00000000,?,00000000,00000000,?,00403B58), ref: 00403AD2
                                                                                                                                                                                • CharUpperA.USER32(?,?,00000000,00000000,?,00403B58), ref: 00403AEB
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,00000001,?,00000000,00000000,?,00403B58), ref: 00403AFE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Char$ByteMultiUpperWide$ErrorLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3939315453-0
                                                                                                                                                                                • Opcode ID: 7c2300f256f82e2aee6372cd28c35fbf20af8ddddc15953858da8d33bcd8cfd2
                                                                                                                                                                                • Instruction ID: dd72d820dddc2be4d64e736f5eaa813d5c8cd4bb6d440344005d5656a272e87c
                                                                                                                                                                                • Opcode Fuzzy Hash: 7c2300f256f82e2aee6372cd28c35fbf20af8ddddc15953858da8d33bcd8cfd2
                                                                                                                                                                                • Instruction Fuzzy Hash: D60144B64002187ADB10ABE49C89DEBBE7CEB04259F014472F952E2281E2796E4487A8
                                                                                                                                                                                Function 004152F3 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(00000103,7FFFFFFF,00416CBF,0041798E,00000000,?,?,00000000,00000001), ref: 004152F5
                                                                                                                                                                                • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 00415303
                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0041534F
                                                                                                                                                                                  • Part of subcall function 00416CCC: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00416DC2
                                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 00415327
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00415338
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2020098873-0
                                                                                                                                                                                • Opcode ID: 9020ed6c5573c52789434ca8060b3935b73b18465b1892a80f2ba475462c6b54
                                                                                                                                                                                • Instruction ID: c348f308811c55cc6791f5f2c72cac7d5a6c02788d8c3db17f30136ca92006f7
                                                                                                                                                                                • Opcode Fuzzy Hash: 9020ed6c5573c52789434ca8060b3935b73b18465b1892a80f2ba475462c6b54
                                                                                                                                                                                • Instruction Fuzzy Hash: B4F09632600615ABC6312B70AC096DB3A51EB857E1B15413AF951972A0DB78888197DD
                                                                                                                                                                                Function 0041843D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InterlockedIncrement.KERNEL32(004256E4), ref: 00418463
                                                                                                                                                                                • InterlockedDecrement.KERNEL32(004256E4), ref: 00418478
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Interlocked$DecrementIncrement
                                                                                                                                                                                • String ID: VB
                                                                                                                                                                                • API String ID: 2172605799-2416070386
                                                                                                                                                                                • Opcode ID: 3f0e7dfc381ab69d5717ddb5ba06b4fa70db5411652d110c580bb33579a080f3
                                                                                                                                                                                • Instruction ID: b2465ecea32c92352f716010131fb348419f683e9d2febfe3e70f5b1b578e6df
                                                                                                                                                                                • Opcode Fuzzy Hash: 3f0e7dfc381ab69d5717ddb5ba06b4fa70db5411652d110c580bb33579a080f3
                                                                                                                                                                                • Instruction Fuzzy Hash: 35F0C232201612EBD720AF56ECC19CF6755EB81326F50843FF00989190DF7899C2995E
                                                                                                                                                                                Function 0041435F Relevance: 6.5, APIs: 5, Instructions: 278COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d56ffb8a6685455f091880630799685eddd8ac587d3428563be9e88dd716d36c
                                                                                                                                                                                • Instruction ID: 1ac5c9ddcf095474d6e2a383ff06e8771fc838f6ee07df02b13506851481717d
                                                                                                                                                                                • Opcode Fuzzy Hash: d56ffb8a6685455f091880630799685eddd8ac587d3428563be9e88dd716d36c
                                                                                                                                                                                • Instruction Fuzzy Hash: C891F671D01618ABCF21AB69CC41ADE7BB9EB857A4F240127F814B6290D73D8DC18A6C
                                                                                                                                                                                Function 0041636C Relevance: 6.4, APIs: 5, Instructions: 102memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00002020,00420838,00420838,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 0041638D
                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 004163B1
                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 004163CB
                                                                                                                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000,?), ref: 0041648C
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000,?,00000000), ref: 004164A3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocVirtual$FreeHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 714016831-0
                                                                                                                                                                                • Opcode ID: 61edb7c5b2a57b73fa0373c8b0061bfd64d3e4def081ef99dbe098b98f3bc666
                                                                                                                                                                                • Instruction ID: 1d273cd761051d77879f543994291e2c1f364a84a1ace75b4c6a1ba38ea4645d
                                                                                                                                                                                • Opcode Fuzzy Hash: 61edb7c5b2a57b73fa0373c8b0061bfd64d3e4def081ef99dbe098b98f3bc666
                                                                                                                                                                                • Instruction Fuzzy Hash: 1D310370640711EFD3309F24DC85BA6B7E4EB84764F12823AE56997791E778E881CB8C
                                                                                                                                                                                Function 00409504 Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 00409509
                                                                                                                                                                                  • Part of subcall function 0040935A: EnterCriticalSection.KERNEL32(?,?,?,00409680), ref: 0040935F
                                                                                                                                                                                  • Part of subcall function 0040935A: LeaveCriticalSection.KERNEL32(?,?,?,00409680), ref: 00409369
                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 00409536
                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00409552
                                                                                                                                                                                • __aulldiv.LIBCMT ref: 004095A1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalSection$EnterLeave$H_prolog__aulldiv
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3848147900-0
                                                                                                                                                                                • Opcode ID: a31f7f313dfc0da48c948196a335c5e8fea939b4dae7cffcd2385e59b1d35c73
                                                                                                                                                                                • Instruction ID: 81a485ad15cb22f282f6c018201ee4179c2b1d1cd2674c5f201a60282c37c453
                                                                                                                                                                                • Opcode Fuzzy Hash: a31f7f313dfc0da48c948196a335c5e8fea939b4dae7cffcd2385e59b1d35c73
                                                                                                                                                                                • Instruction Fuzzy Hash: C6315076A00215AFCB11EF65C8819EFBBB5FF88704F00442AE51673692D779AD41CB64
                                                                                                                                                                                Function 004047A8 Relevance: 6.1, APIs: 4, Instructions: 55windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • __EH_prolog.LIBCMT ref: 004047AD
                                                                                                                                                                                • FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,00000000), ref: 004047D1
                                                                                                                                                                                • FormatMessageW.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,00000000), ref: 00404814
                                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000,?,00000000), ref: 0040482F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FormatMessage$FreeH_prologLocal
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3392428314-0
                                                                                                                                                                                • Opcode ID: d8114c00c851820dfd69355ab4a5a7d10c3f97c7ff5c1a94d174072509a20bce
                                                                                                                                                                                • Instruction ID: b23ee79e455563f0a2b187c1bc8aea4849c6785c5b1f5abfa42b55bee9ed31b8
                                                                                                                                                                                • Opcode Fuzzy Hash: d8114c00c851820dfd69355ab4a5a7d10c3f97c7ff5c1a94d174072509a20bce
                                                                                                                                                                                • Instruction Fuzzy Hash: 451170B5A00159AFDF01BFA59C419FFBB7DEF44349F00847AE112721E2DB391A01DA68
                                                                                                                                                                                Function 00409374 Relevance: 6.0, APIs: 4, Instructions: 37windowtimeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00413030: SetEvent.KERNEL32(00000000,0040756D), ref: 00413033
                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00409397
                                                                                                                                                                                • LoadIconA.USER32(00000000), ref: 004093B1
                                                                                                                                                                                • SendMessageA.USER32(?,00000080,00000001,00000000), ref: 004093C2
                                                                                                                                                                                • SetTimer.USER32(?,00000003,00000064,00000000), ref: 004093D1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EventIconItemLoadMessageSendTimer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2758541657-0
                                                                                                                                                                                • Opcode ID: 426d8240eb7a06a459b3f470407d996c0274358d2b71b1374ad8138c79f04d47
                                                                                                                                                                                • Instruction ID: 34d2fc59b34559bed7d893ef409eb69d6d7528a9cba69d030baf66432b50efa3
                                                                                                                                                                                • Opcode Fuzzy Hash: 426d8240eb7a06a459b3f470407d996c0274358d2b71b1374ad8138c79f04d47
                                                                                                                                                                                • Instruction Fuzzy Hash: 4D015A30100B00AFD3319F21DD5AB66BBA1FB04721F008A2DF5A7959F0CB75B942CB48
                                                                                                                                                                                Function 0040D5A3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 185COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: H_prolog
                                                                                                                                                                                • String ID: $
                                                                                                                                                                                • API String ID: 3519838083-227171996
                                                                                                                                                                                • Opcode ID: 74feb26567ea79c8fd9d5f3f589634721b0a9a4a518abdc39c0b6b7ccedab932
                                                                                                                                                                                • Instruction ID: 116f94ee193b6a60a58d4aec76a07daa8eefdeb27c95ac76265691768f75313a
                                                                                                                                                                                • Opcode Fuzzy Hash: 74feb26567ea79c8fd9d5f3f589634721b0a9a4a518abdc39c0b6b7ccedab932
                                                                                                                                                                                • Instruction Fuzzy Hash: CB712431D0020A9FCB24DF99D981AAEB7B1FF48314F20467ED416B7691D734AA8ACF54
                                                                                                                                                                                Function 00417E5D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCPInfo.KERNEL32(?,00000000), ref: 00417E71
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Info
                                                                                                                                                                                • String ID: $
                                                                                                                                                                                • API String ID: 1807457897-3032137957
                                                                                                                                                                                • Opcode ID: be8999de8ad5c30073bbd0379d60ad0f54c653f5d04d814f41e486670cb2e0db
                                                                                                                                                                                • Instruction ID: 669041dcfce0968cbe3c51124f50cac4b21f3f9a56807733dc4743f672ff05a2
                                                                                                                                                                                • Opcode Fuzzy Hash: be8999de8ad5c30073bbd0379d60ad0f54c653f5d04d814f41e486670cb2e0db
                                                                                                                                                                                • Instruction Fuzzy Hash: 65417C312482585AEB219714CC49FFB7FF9DB02714F5404E6D149C7153C2794AC6C7BA
                                                                                                                                                                                Function 00417092 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\download\WcInstaller.exe,00000104,?,00000000,?,?,?,?,00414974), ref: 004170B5
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileModuleName
                                                                                                                                                                                • String ID: 'Z$C:\Users\user\Desktop\download\WcInstaller.exe
                                                                                                                                                                                • API String ID: 514040917-3720439846
                                                                                                                                                                                • Opcode ID: 84d053b036df48e784d9c40d8f72a4f01e20f52c816047791c4f4213c32035a1
                                                                                                                                                                                • Instruction ID: bf09e70cde018ed4875ba2e87c80884ade2fb8340569e7ccc03294431e74d33e
                                                                                                                                                                                • Opcode Fuzzy Hash: 84d053b036df48e784d9c40d8f72a4f01e20f52c816047791c4f4213c32035a1
                                                                                                                                                                                • Instruction Fuzzy Hash: 591151B6A00219BFC721EF94DCC1CDBBBBCEB08758B5100ABF50597201EA745F4587A8
                                                                                                                                                                                Function 00415ECA Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,00415C92,00000000,00000000,00000000,00413CC1,00000000,00000000,?,00000000,00000000,00000000), ref: 00415EF2
                                                                                                                                                                                • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00415C92,00000000,00000000,00000000,00413CC1,00000000,00000000,?,00000000,00000000,00000000), ref: 00415F26
                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00415F40
                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 00415F57
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocHeap$FreeVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3499195154-0
                                                                                                                                                                                • Opcode ID: 712f9e2f9eec85a92a3a672498402ffd9fd7e765c5a6c8233a1a124cbc29739c
                                                                                                                                                                                • Instruction ID: 8f6381cf99308f7e34b2c2e49534b1224184cafd179dea44f4322364d011a6a4
                                                                                                                                                                                • Opcode Fuzzy Hash: 712f9e2f9eec85a92a3a672498402ffd9fd7e765c5a6c8233a1a124cbc29739c
                                                                                                                                                                                • Instruction Fuzzy Hash: A6114C31300A01EFC7308F59EC86DA6BBB5FB85760791462AF156D69B0D3719887CF58
                                                                                                                                                                                Function 004154B1 Relevance: 5.0, APIs: 4, Instructions: 12COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154BE
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154C6
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154CE
                                                                                                                                                                                • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154D6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000004.00000002.2220530044.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                • Associated: 00000004.00000002.2220516787.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220549828.000000000041B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220563944.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220576699.0000000000422000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220589231.0000000000423000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000004.00000002.2220603255.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_4_2_400000_WcInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CriticalInitializeSection
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 32694325-0
                                                                                                                                                                                • Opcode ID: ec7037d00a0fc94f488d53f3a91d2e26ae03bdd42e29aafad6c46e686e3ec5a2
                                                                                                                                                                                • Instruction ID: a8e831e61b8b61633fe4a4176da74b0e9d16ee726bcd83620c475df078586321
                                                                                                                                                                                • Opcode Fuzzy Hash: ec7037d00a0fc94f488d53f3a91d2e26ae03bdd42e29aafad6c46e686e3ec5a2
                                                                                                                                                                                • Instruction Fuzzy Hash: 0AC00231A11138ABCF312B55FC048463FA6EB852A03518072A1045203186612C12EFD8

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:16.2%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                Signature Coverage:6.9%
                                                                                                                                                                                Total number of Nodes:160
                                                                                                                                                                                Total number of Limit Nodes:10
                                                                                                                                                                                execution_graph 70772 50c288e 70774 50c28c9 LoadLibraryA 70772->70774 70775 50c2906 70774->70775 70776 e1b362 70779 e1b39a RegOpenKeyExW 70776->70779 70778 e1b3f0 70779->70778 70780 50c308a 70781 50c30bf RasConnectionNotificationW 70780->70781 70783 50c30f2 70781->70783 70691 50c0b06 70692 50c0b3e setsockopt 70691->70692 70694 50c0b76 70691->70694 70693 50c0b4c 70692->70693 70694->70692 70784 50c1486 70785 50c14c1 RegOpenKeyExA 70784->70785 70787 50c150a 70785->70787 70788 50c3b86 70789 50c3bbb WSAConnect 70788->70789 70791 50c3bda 70789->70791 70792 50c0686 70794 50c06bb GetProcessTimes 70792->70794 70795 50c06ed 70794->70795 70796 e1b46a 70797 e1b49f RegQueryValueExW 70796->70797 70799 e1b4f3 70797->70799 70699 50c0a02 70700 50c0a3a WSASocketW 70699->70700 70702 50c0a76 70700->70702 70703 50c0d1e 70704 50c0d59 getaddrinfo 70703->70704 70706 50c0dcb 70704->70706 70707 50c381a 70708 50c384f GetNetworkParams 70707->70708 70710 50c387f 70708->70710 70711 50c1f1a 70712 50c1f6a VerLanguageNameW 70711->70712 70713 50c1f78 70712->70713 70800 50c1692 70801 50c16ca RegCreateKeyExW 70800->70801 70803 50c173c 70801->70803 70714 e1bafe 70715 e1bb33 K32GetModuleInformation 70714->70715 70717 e1bb6a 70715->70717 70804 50c03ae 70807 50c03e6 CreateMutexW 70804->70807 70806 50c0429 70807->70806 70808 e1ac46 70811 e1ac7b GetFileType 70808->70811 70810 e1aca8 70811->70810 70812 50c2fa6 70814 50c2fdb WSAEventSelect 70812->70814 70815 50c3012 70814->70815 70816 50c18a2 70817 50c18d4 GetSystemTimeAdjustment 70816->70817 70819 50c18ff 70816->70819 70818 50c18e9 70817->70818 70819->70817 70820 e1a74e 70821 e1a7c1 70820->70821 70822 e1a789 RegQueryValueExW 70820->70822 70821->70822 70823 e1a797 70822->70823 70824 50c17ba 70825 50c17ef RegSetValueExW 70824->70825 70827 50c183b 70825->70827 70828 50c1fb6 70830 50c1feb GetTokenInformation 70828->70830 70831 50c2028 70830->70831 70832 e1a55a 70833 e1a586 SetErrorMode 70832->70833 70834 e1a5af 70832->70834 70835 e1a59b 70833->70835 70834->70833 70718 50c0032 70720 50c006a MapViewOfFile 70718->70720 70721 50c00b9 70720->70721 70836 50c1cb2 70837 50c1cdb GetFileVersionInfoSizeW 70836->70837 70839 50c1cf7 70837->70839 70840 50c3fb2 70841 50c3fd8 ShellExecuteExW 70840->70841 70843 50c3ff4 70841->70843 70844 50c3ab2 70846 50c3ae7 GetAdaptersAddresses 70844->70846 70847 50c3b20 70846->70847 70722 50c3c4e 70723 50c3cae 70722->70723 70724 50c3c83 NtQuerySystemInformation 70722->70724 70723->70724 70725 50c3c98 70724->70725 70848 50c10ce 70851 50c10f4 OutputDebugStringW 70848->70851 70850 50c1117 70851->70850 70726 e1b7a2 70729 e1b7d1 AdjustTokenPrivileges 70726->70729 70728 e1b7f3 70729->70728 70852 e1a422 70853 e1a484 70852->70853 70854 e1a44e RtlReleaseActivationContext 70852->70854 70853->70854 70855 e1a45c 70854->70855 70856 e1b622 70857 e1b64b LookupPrivilegeValueW 70856->70857 70859 e1b672 70857->70859 70730 50c1946 70733 50c196c CreateDirectoryW 70730->70733 70732 50c1993 70733->70732 70860 50c2dc6 70861 50c2dfb WSAIoctl 70860->70861 70863 50c2e49 70861->70863 70734 50c3e42 70735 50c3e92 WSASend 70734->70735 70736 50c3e9a 70735->70736 70864 e1ab2e 70866 e1ab66 CreateFileW 70864->70866 70867 e1abb5 70866->70867 70737 50c335a 70740 50c338f RegNotifyChangeKeyValue 70737->70740 70739 50c33cc 70740->70739 70741 50c3156 70744 50c318e RegOpenCurrentUser 70741->70744 70743 50c31c1 70744->70743 70868 e1a23a 70869 e1a266 LoadLibraryW 70868->70869 70870 e1a29c 70868->70870 70871 e1a274 70869->70871 70870->70869 70745 50c116a 70748 50c119f SetFilePointer 70745->70748 70747 50c11ce 70748->70747 70872 50c2cea 70874 50c2d1f ioctlsocket 70872->70874 70875 50c2d4b 70874->70875 70876 50c13ea 70877 50c143a RegEnumKeyExW 70876->70877 70878 50c1448 70877->70878 70879 e1af06 70881 e1af3b ReadFile 70879->70881 70882 e1af6d 70881->70882 70752 50c1d62 70753 50c1d91 GetFileVersionInfoW 70752->70753 70755 50c1db4 70753->70755 70883 50c2efe 70884 50c2f4e FormatMessageW 70883->70884 70885 50c2f56 70884->70885 70756 e1a696 70757 e1a706 70756->70757 70758 e1a6ce RegOpenKeyExW 70756->70758 70757->70758 70759 e1a6dc 70758->70759 70886 e1ba16 70887 e1ba4b K32EnumProcessModules 70886->70887 70889 e1ba7a 70887->70889 70760 e1a09a 70761 e1a0cf recv 70760->70761 70763 e1a107 70760->70763 70762 e1a0dd 70761->70762 70763->70761 70764 50c1572 70766 50c15ad RegQueryValueExA 70764->70766 70767 50c1615 70766->70767 70768 50c0772 70769 50c079e GetSystemInfo 70768->70769 70770 50c07d4 70768->70770 70771 50c07ac 70769->70771 70770->70769 70890 e1bc1e 70891 e1bc6e K32GetModuleBaseNameW 70890->70891 70892 e1bc76 70891->70892

                                                                                                                                                                                Executed Functions

                                                                                                                                                                                Function 07E1055B Relevance: 8.0, Strings: 6, Instructions: 541COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 0 7e1055b-7e105bd 2 7e10650-7e1068b 0->2 3 7e105c3-7e105d7 0->3 13 7e106f3-7e10717 2->13 14 7e1068d-7e10699 2->14 3->2 4 7e105d9 3->4 6 7e105e0-7e10628 4->6 7 7e1062a-7e1063a 4->7 8 7e1063c-7e10649 4->8 6->2 7->2 8->2 119 7e1071d call e005e0 13->119 120 7e1071d call e00606 13->120 20 7e106b6-7e106ec 14->20 21 7e1069b-7e106b4 14->21 20->13 21->13 26 7e10723-7e10795 38 7e107c2-7e107f7 26->38 39 7e10797-7e107a9 26->39 44 7e107f9-7e10844 38->44 45 7e1084b-7e108c1 38->45 39->38 42 7e107ab-7e107b7 39->42 42->38 44->45 121 7e108c3 call e005e0 45->121 122 7e108c3 call e00606 45->122 55 7e108c9-7e10918 60 7e109a4-7e109b0 55->60 61 7e1091e-7e109a2 55->61 62 7e109b8-7e10a1f 60->62 61->62 79 7e10a25-7e10aa4 62->79 80 7e10aac-7e10ad4 62->80 79->80 87 7e10b17-7e10b8d 80->87 88 7e10ad6-7e10b10 80->88 103 7e10bac-7e10bb5 87->103 104 7e10b8f-7e10baa 87->104 88->87 106 7e10bbd-7e10c17 103->106 104->106 114 7e10c50-7e10c57 106->114 115 7e10c19-7e10c49 106->115 115->114 119->26 120->26 121->55 122->55
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl$\OWl$\OWl$\OWl$\OWl$\OWl
                                                                                                                                                                                • API String ID: 0-3855301873
                                                                                                                                                                                • Opcode ID: 6c3cbdbe9c60245f9e6e553c6b60ab1495559419d5f590eb4823afa59434fb26
                                                                                                                                                                                • Instruction ID: da58c73e2c76184acf7fc0dca8502d266d7a4c614a920474de132ee7d4fefb5c
                                                                                                                                                                                • Opcode Fuzzy Hash: 6c3cbdbe9c60245f9e6e553c6b60ab1495559419d5f590eb4823afa59434fb26
                                                                                                                                                                                • Instruction Fuzzy Hash: FC32E474A00204CFCB25EF74C945A6AB7B2FF89305F20856DD95A9B761CB35AC82CF61
                                                                                                                                                                                Function 07D9921B Relevance: 3.5, Strings: 2, Instructions: 957COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: l$Wl$l$Wl
                                                                                                                                                                                • API String ID: 0-1932385033
                                                                                                                                                                                • Opcode ID: 82240cefa61f9c95ea8b19824dfb0487302c5e0c2f38f8300aa2231296dffd8c
                                                                                                                                                                                • Instruction ID: 8e5477ee1dffa73613883f03931f0539256eba8f9384697499ad6dc347bd9b8a
                                                                                                                                                                                • Opcode Fuzzy Hash: 82240cefa61f9c95ea8b19824dfb0487302c5e0c2f38f8300aa2231296dffd8c
                                                                                                                                                                                • Instruction Fuzzy Hash: 5D922774A00214CFDB18DB78C898BA9BBF2BF89304F1481ADD44A9B791DB35AD85CF51
                                                                                                                                                                                Function 07DF2DF0 Relevance: 2.2, Strings: 1, Instructions: 980COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: f`5l
                                                                                                                                                                                • API String ID: 0-2448118566
                                                                                                                                                                                • Opcode ID: 72739cd4f9da4074a875dadf460db8f2a604d7ae20640332909421314a11085e
                                                                                                                                                                                • Instruction ID: 390ad63104a81a48942e5b9cfe90d67f25aaf6aa261c20316d63f2de622c0fc9
                                                                                                                                                                                • Opcode Fuzzy Hash: 72739cd4f9da4074a875dadf460db8f2a604d7ae20640332909421314a11085e
                                                                                                                                                                                • Instruction Fuzzy Hash: 527214B0B002519BCB15AB79D4485BDFBE2FF89315F1A802AE946DB790DB34DC41CB91
                                                                                                                                                                                Function 07DF4328 Relevance: 1.9, Strings: 1, Instructions: 627COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: =
                                                                                                                                                                                • API String ID: 0-2322244508
                                                                                                                                                                                • Opcode ID: 055988e6a41342804bd44ec95187e3374803a48656be1c1500bf478af5720a49
                                                                                                                                                                                • Instruction ID: 893ffcbdeed4dce9f6e71a213c9dbb70452e2d52dfbf24b2ede761a77659b186
                                                                                                                                                                                • Opcode Fuzzy Hash: 055988e6a41342804bd44ec95187e3374803a48656be1c1500bf478af5720a49
                                                                                                                                                                                • Instruction Fuzzy Hash: F85237B4A00655CFCB19CF68C184A6AFBF2FF88304F168699D95A9B751D734E981CF80
                                                                                                                                                                                Function 050C3C12 Relevance: 1.6, APIs: 1, Instructions: 61nativeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtQuerySystemInformation.NTDLL ref: 050C3C89
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InformationQuerySystem
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3562636166-0
                                                                                                                                                                                • Opcode ID: 382a70d112b6abfe7140e027385ba1c7c9fbdb7914d32108e02542aa3e606b98
                                                                                                                                                                                • Instruction ID: 15b0df8abe00532ee7a4277457e4ce75ecdd8520fecbe2af70f192ee3caa5c85
                                                                                                                                                                                • Opcode Fuzzy Hash: 382a70d112b6abfe7140e027385ba1c7c9fbdb7914d32108e02542aa3e606b98
                                                                                                                                                                                • Instruction Fuzzy Hash: 1D218C724097C09FDB228B21DC55AA6BFF0AF07314F0D84CAE9C54F163D2659918DB62
                                                                                                                                                                                Function 050C0772 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemInfo.KERNEL32(?,17210305,00000000,?,?,?,?,?,?,?,?,6CEA3C58), ref: 050C07A4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InfoSystem
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 31276548-0
                                                                                                                                                                                • Opcode ID: 8561804c354be8e436baa69e7929fb262210151188161f899aef8b7698f99117
                                                                                                                                                                                • Instruction ID: 1d5bb6fa60d09d55b1b3da919f2c9700590502386a19cbcb6235d884a923a5d4
                                                                                                                                                                                • Opcode Fuzzy Hash: 8561804c354be8e436baa69e7929fb262210151188161f899aef8b7698f99117
                                                                                                                                                                                • Instruction Fuzzy Hash: F9018F75804240DFDB10CF55E988B6EFFE4EF05620F08C4EADD499F652D275A444CEA1
                                                                                                                                                                                Function 050C3C4E Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtQuerySystemInformation.NTDLL ref: 050C3C89
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InformationQuerySystem
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3562636166-0
                                                                                                                                                                                • Opcode ID: 17a50c7a8c33a9defe79d036e9d2c242a769a5eeda195d5644d11efd0b9dff0c
                                                                                                                                                                                • Instruction ID: 20c45dc29a5ab4b0d0fc0657a3a9e07755ed09d5668cfc99e5a3b557a35f87ba
                                                                                                                                                                                • Opcode Fuzzy Hash: 17a50c7a8c33a9defe79d036e9d2c242a769a5eeda195d5644d11efd0b9dff0c
                                                                                                                                                                                • Instruction Fuzzy Hash: C60178354006449FDB208F95E984BAAFFE0FF09620F18C49EDD4A0A656D375A418CBA2
                                                                                                                                                                                Function 050C18A2 Relevance: 1.5, APIs: 1, Instructions: 37timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemTimeAdjustment.KERNEL32(?,?,?,17210305,00000000,?,?,?,?,?,?,?,?,6CEA3C58), ref: 050C18DA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AdjustmentSystemTime
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2260068259-0
                                                                                                                                                                                • Opcode ID: bedec39d6185cc37560c78dc1e4b5af703f6b6e7347d9026877641197e82f628
                                                                                                                                                                                • Instruction ID: 1c8c46f38924cba4cb55bc0e3095b827e140f9aae2788394d53cdb3a3329928b
                                                                                                                                                                                • Opcode Fuzzy Hash: bedec39d6185cc37560c78dc1e4b5af703f6b6e7347d9026877641197e82f628
                                                                                                                                                                                • Instruction Fuzzy Hash: 330186369042408FDB20CF85E884B6AFFE1FF09220F08C09EDE494E652D375A419CBA2
                                                                                                                                                                                Function 07D9ED78 Relevance: 1.0, Instructions: 971COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9779465bb85bebbd1a7dbdd348e9a67a1a80d1a9eb59537bdc6d376ff899a5a0
                                                                                                                                                                                • Instruction ID: 345e3d9a3ea330161a61e54fef73d0ef89bccd5d8dd587bbfa4565617327a9b5
                                                                                                                                                                                • Opcode Fuzzy Hash: 9779465bb85bebbd1a7dbdd348e9a67a1a80d1a9eb59537bdc6d376ff899a5a0
                                                                                                                                                                                • Instruction Fuzzy Hash: D2827A74B002118FCB18EF79D4596AEBBF2AF88304B248569E506DB7A1DF34DC46CB91
                                                                                                                                                                                Function 07DD3330 Relevance: .7, Instructions: 707COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 035ccb0adb8bc34192967fbe4f5a75bb08623398f70cf1a36f54275e8f2b7b45
                                                                                                                                                                                • Instruction ID: 5a31f3601d6a3c2c88d254d0c1fa0cb3ebb1380814001873834557741acc283b
                                                                                                                                                                                • Opcode Fuzzy Hash: 035ccb0adb8bc34192967fbe4f5a75bb08623398f70cf1a36f54275e8f2b7b45
                                                                                                                                                                                • Instruction Fuzzy Hash: DE427F74700200DFDB18EB78D994AADB7F2AF89314F244169E9069B7A4DF35DC86CB42
                                                                                                                                                                                Function 07D971A0 Relevance: .7, Instructions: 654COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 82ebbfe8ca185f8880c29c6d8710f7da0b3be307e0d6ba923de6339e8a0f3f76
                                                                                                                                                                                • Instruction ID: f9ddc64618deef269aa24d7a6902f7348ce24ae1a906ffc38ca8c660cdfb6064
                                                                                                                                                                                • Opcode Fuzzy Hash: 82ebbfe8ca185f8880c29c6d8710f7da0b3be307e0d6ba923de6339e8a0f3f76
                                                                                                                                                                                • Instruction Fuzzy Hash: 78425B74A10255DFCF44DFA8C888AADBBF2FF89324F148079E806AB761DB359845CB51
                                                                                                                                                                                Function 07D97C90 Relevance: .4, Instructions: 448COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 80dd52b8a49b1c24cf7c0aeb724d8e21b5c270e6feef43d7bc0aef4dcbf141b5
                                                                                                                                                                                • Instruction ID: 1fd242b3295ab68fcbc785166893f86f44dac8362788ab91d5c031ca3314f6c0
                                                                                                                                                                                • Opcode Fuzzy Hash: 80dd52b8a49b1c24cf7c0aeb724d8e21b5c270e6feef43d7bc0aef4dcbf141b5
                                                                                                                                                                                • Instruction Fuzzy Hash: 1902AB74700602CFCB18EB75C489AAEF7F2BF88214B24856DD4469BB65DB34EC46CB91
                                                                                                                                                                                Function 07750AC8 Relevance: 6.7, Strings: 5, Instructions: 441COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 341 7750ac8-7750af0 453 7750af2 call e005e0 341->453 454 7750af2 call e00606 341->454 455 7750af2 call 7750c42 341->455 456 7750af2 call 7750ab9 341->456 457 7750af2 call 7750ac8 341->457 342 7750af5-7750afa 343 7750b00-7750b45 342->343 344 7750c43-7750c78 342->344 349 7750b63-7750b6c 343->349 360 7750c10-7750c37 344->360 361 7750c7a-7750cbe call 7750a58 call 77510b1 344->361 350 7750b92-7750b9b 349->350 351 7750b6e-7750b74 349->351 354 7750ba7-7750bb6 350->354 355 7750b9d 350->355 351->350 353 7750b76-7750b7f 351->353 356 7750bd1 353->356 357 7750b81-7750b90 353->357 359 7750bb8-7750bba 354->359 355->354 366 7750bd6 356->366 357->359 362 7750b47-7750b50 359->362 363 7750bbc-7750bcf 359->363 371 7750cc4-7750ccf 361->371 448 7750b52 call 77519e0 362->448 449 7750b52 call 77519dd 362->449 363->366 366->360 368 7750b55-7750b57 368->349 370 7750b59-7750b5b 368->370 451 7750b5d call e005e0 370->451 452 7750b5d call e00606 370->452 372 7750cd1-7750cfc 371->372 373 7750cfe-7750d36 371->373 372->373 382 7750fa2-7750fc8 373->382 383 7750d3c-7750d61 373->383 384 7751019-7751022 382->384 395 7750d95-7750dda 383->395 396 7750d63-7750d93 383->396 385 7751024-775102a 384->385 386 7751048-7751051 384->386 385->386 390 775102c-7751035 385->390 388 7751053 386->388 389 775105d-775106c 386->389 388->389 392 775106e-7751070 389->392 393 7751037-7751046 390->393 394 775108b 390->394 398 7751076-7751089 392->398 399 7750fca-7750fdb 392->399 393->392 397 7751090 394->397 408 7750ec6-7750ecf 395->408 396->395 403 7751091 397->403 398->397 399->384 404 7750fdd-7750fec 399->404 403->403 404->384 409 7750fee-7750ff7 404->409 411 7750ef5-7750efe 408->411 412 7750ed1-7750ed7 408->412 415 7751004-7751016 409->415 416 7750ff9-7750ffd 409->416 413 7750f00 411->413 414 7750f0a-7750f19 411->414 412->411 417 7750ed9-7750ee2 412->417 413->414 420 7750f1b-7750f1d 414->420 415->384 416->415 418 7750ee4-7750ef3 417->418 419 7750f38 417->419 418->420 424 7750f3d-7750f3e 419->424 421 7750f23-7750f36 420->421 422 7750ddf-7750de9 420->422 421->424 425 7750e08-7750e16 422->425 426 7750deb-7750e02 422->426 424->382 430 7750e48-7750e56 425->430 431 7750e18-7750e21 425->431 426->408 426->425 436 7750e85-7750e89 430->436 437 7750e58-7750e61 430->437 433 7750e23-7750e27 431->433 434 7750e2e-7750e43 431->434 433->434 434->408 436->408 441 7750e8b-7750e99 436->441 439 7750e63-7750e67 437->439 440 7750e6e-7750e83 437->440 439->440 440->408 441->408 444 7750e9b-7750ea4 441->444 445 7750ea6-7750eaa 444->445 446 7750eb1-7750ec3 444->446 445->446 446->408 448->368 449->368 451->349 452->349 453->342 454->342 455->342 456->342 457->342
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 8rWl$XZ$l$Wl$[k$[k
                                                                                                                                                                                • API String ID: 0-1485264111
                                                                                                                                                                                • Opcode ID: 568c1b35547b80510787229f329c98602233c6ced77ec3de73b368791d97ffb9
                                                                                                                                                                                • Instruction ID: ba7987e615c9a8b657cda61397d939f6630c64843eace1e37b8069227d4cec57
                                                                                                                                                                                • Opcode Fuzzy Hash: 568c1b35547b80510787229f329c98602233c6ced77ec3de73b368791d97ffb9
                                                                                                                                                                                • Instruction Fuzzy Hash: 860228B0A00209DFCB54DFA8C480AAEB7F6AF89354F248569D805EB755DB71EC42CB90
                                                                                                                                                                                Function 07DDC5D8 Relevance: 5.5, Strings: 4, Instructions: 501COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 458 7ddc5d8-7ddc600 459 7ddc626-7ddc628 458->459 460 7ddc602-7ddc624 458->460 461 7ddc62b-7ddc658 call 7ddb148 459->461 460->461 466 7ddc65a-7ddc67f call 7ddb200 call 7ddbd80 461->466 467 7ddc681-7ddc6a7 461->467 472 7ddc6af-7ddc70e call 7ddc0d0 call 7ddcdf8 466->472 467->472 480 7ddcb67-7ddcb76 472->480 481 7ddcb7c-7ddcb9d 480->481 482 7ddc713-7ddc722 480->482 483 7ddc729-7ddc732 482->483 484 7ddc724 482->484 485 7ddc738-7ddc758 483->485 486 7ddcba0-7ddcbca 483->486 484->483 491 7ddc77c-7ddc786 485->491 492 7ddc75a-7ddc774 call 7ddb200 485->492 489 7ddcbcc-7ddcbe5 486->489 490 7ddcbf0-7ddcbf6 486->490 489->490 493 7ddc788-7ddc79a 491->493 494 7ddc7a2-7ddc7b8 491->494 492->491 493->494 500 7ddc7ba-7ddc7d7 call 7dddeb0 494->500 501 7ddc7e5-7ddc816 call 7ddc1d8 494->501 504 7ddc7dd-7ddc7df 500->504 501->486 517 7ddc81c-7ddc821 501->517 504->501 506 7ddc8f4-7ddc8fe 504->506 507 7ddc904-7ddc941 506->507 508 7ddca60-7ddca6a 506->508 529 7ddc983-7ddc991 call 7ddb200 507->529 530 7ddc943-7ddc953 507->530 510 7ddcb61-7ddcb64 508->510 511 7ddca70-7ddca7a 508->511 510->480 515 7ddcb56-7ddcb59 511->515 516 7ddca80-7ddcaca call 7ddb200 511->516 515->510 546 7ddcacc-7ddcae8 516->546 547 7ddcb03-7ddcb11 call 7ddb200 516->547 519 7ddc869-7ddc86b 517->519 520 7ddc823-7ddc861 call 7ddb200 517->520 523 7ddc86d-7ddc878 519->523 524 7ddc87a-7ddc8aa 519->524 520->519 523->524 551 7ddc8ac-7ddc8bb 524->551 552 7ddc8ea-7ddc8ec 524->552 541 7ddc9cb-7ddc9d9 call 7ddb200 529->541 542 7ddc993-7ddc9b0 529->542 530->529 543 7ddc955-7ddc97e call 7ddb4b0 530->543 556 7ddc9db-7ddc9f8 541->556 557 7ddca13-7ddca1e call 7ddb200 541->557 542->486 569 7ddc9b6-7ddc9c6 call 7ddb4b0 542->569 543->529 546->486 574 7ddcaee-7ddcafe call 7ddb4b0 546->574 561 7ddcb4c-7ddcb4e 547->561 562 7ddcb13-7ddcb32 547->562 551->552 567 7ddc8bd-7ddc8e5 call 7ddb4b0 551->567 552->506 556->486 582 7ddc9fe-7ddca0e call 7ddb4b0 556->582 570 7ddca55-7ddca58 557->570 571 7ddca20-7ddca3b 557->571 561->515 562->486 585 7ddcb34-7ddcb47 call 7ddb4b0 562->585 567->552 569->541 570->508 571->486 590 7ddca41-7ddca50 call 7ddb4b0 571->590 574->547 582->557 585->561 590->570
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl$\OWl$\OWl$\OWl
                                                                                                                                                                                • API String ID: 0-2676177490
                                                                                                                                                                                • Opcode ID: 8abc6ad80351c8d3f395643d6596bf372799ae48efa4099fe73d12decf38392a
                                                                                                                                                                                • Instruction ID: 7d921f79f89871423a94634420c1cecc4e2d0ba5aefc2dc336162dfbf344c160
                                                                                                                                                                                • Opcode Fuzzy Hash: 8abc6ad80351c8d3f395643d6596bf372799ae48efa4099fe73d12decf38392a
                                                                                                                                                                                • Instruction Fuzzy Hash: B222C2B4A00205CFCB15DFA4C598AAEBBF2FF88315F158169E85A9B361DB34EC41CB51
                                                                                                                                                                                Function 07DD4500 Relevance: 5.3, Strings: 4, Instructions: 281COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 599 7dd4500-7dd451c 600 7dd45e2-7dd461a 599->600 601 7dd4522-7dd4526 599->601 603 7dd4621-7dd4650 600->603 602 7dd452c-7dd4530 601->602 601->603 605 7dd4657-7dd46b3 602->605 606 7dd4536-7dd453a 602->606 603->605 608 7dd46ba-7dd47a7 605->608 606->608 609 7dd4540-7dd4546 606->609 652 7dd47a9-7dd47af 608->652 653 7dd47b0-7dd484d 608->653 609->608 612 7dd454c-7dd456b 609->612 670 7dd456d call e005e0 612->670 671 7dd456d call 7dd487f 612->671 672 7dd456d call e00606 612->672 673 7dd456d call 7dd4890 612->673 674 7dd456d call 7dd4952 612->674 630 7dd4573-7dd4586 675 7dd4588 call 7dd4da8 630->675 676 7dd4588 call 7dd4d58 630->676 677 7dd4588 call 7dd4d9b 630->677 633 7dd458e-7dd45a5 call 7dd0a78 641 7dd45ce-7dd45df 633->641 642 7dd45a7-7dd45c6 633->642 642->641 665 7dd484f 653->665 666 7dd4857-7dd487c call 7dd2180 653->666 665->666 670->630 671->630 672->630 673->630 674->630 675->633 676->633 677->633
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl$\OWl$\OWl$\OWl
                                                                                                                                                                                • API String ID: 0-2676177490
                                                                                                                                                                                • Opcode ID: 40f3220a6202defbac144fa865b9b933ef951755d11acfd4a53ab045fe2cef74
                                                                                                                                                                                • Instruction ID: d221025c7b7eba95ef6c47d2a7f65c5676551a9d082068470cf7951d55727281
                                                                                                                                                                                • Opcode Fuzzy Hash: 40f3220a6202defbac144fa865b9b933ef951755d11acfd4a53ab045fe2cef74
                                                                                                                                                                                • Instruction Fuzzy Hash: 62A18F74B002509FCB09AFB594196AE7BE6EFC9300F149069E916DB7A1DF34CC46CB92
                                                                                                                                                                                Function 07DFC138 Relevance: 5.2, Strings: 4, Instructions: 175COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 678 7dfc138-7dfc1dd 687 7dfc1df-7dfc1e4 678->687 688 7dfc1e6-7dfc218 678->688 689 7dfc21b-7dfc259 687->689 688->689 697 7dfc28c-7dfc2b0 689->697 698 7dfc25b-7dfc28a 689->698 702 7dfc2b8-7dfc2d4 call 7dfca50 697->702 698->702 704 7dfc2da-7dfc2f4 702->704 707 7dfc2f6-7dfc33e 704->707 708 7dfc345-7dfc34c 704->708 707->708
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl$\OWl$\OWl$\OWl
                                                                                                                                                                                • API String ID: 0-2676177490
                                                                                                                                                                                • Opcode ID: 54f8a39aa39a5eb4cba85ac05e49389df10d0f526fa9ce3df96cef8d7409f1d0
                                                                                                                                                                                • Instruction ID: 4ec4b223e86197804bbf4787933c68bed19fb441c1c989e8570b3f37b820ece4
                                                                                                                                                                                • Opcode Fuzzy Hash: 54f8a39aa39a5eb4cba85ac05e49389df10d0f526fa9ce3df96cef8d7409f1d0
                                                                                                                                                                                • Instruction Fuzzy Hash: 45714675A00205DFCB25DFA4D9449AEBBF2FF88310B10852DE916A7760CB35E851DF60
                                                                                                                                                                                Function 07D98510 Relevance: 4.2, Strings: 3, Instructions: 460COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 714 7d98510-7d98521 715 7d98523-7d98528 714->715 716 7d98584 714->716 717 7d9852e-7d98532 715->717 718 7d985e3-7d9864b 715->718 868 7d98586 call e005e0 716->868 869 7d98586 call 7d98aac 716->869 870 7d98586 call e00606 716->870 871 7d98586 call 7d98510 716->871 872 7d98586 call 7d98500 716->872 717->718 719 7d98538-7d98544 717->719 728 7d98652-7d986d4 718->728 726 7d98578-7d98582 719->726 727 7d98546-7d98552 719->727 720 7d9858c 721 7d9858e-7d98592 720->721 724 7d985af-7d985b7 721->724 725 7d98594-7d9859c 721->725 737 7d985ba-7d985c6 724->737 725->728 729 7d985a2-7d985ad 725->729 726->721 727->726 738 7d98554-7d98576 727->738 760 7d98702-7d98706 728->760 761 7d986d6-7d986fc 728->761 729->737 866 7d985c9 call e005e0 737->866 867 7d985c9 call e00606 737->867 738->726 743 7d985cf-7d985e2 762 7d98708-7d9873e 760->762 763 7d9873f-7d9874e 760->763 761->760 766 7d9875b-7d98765 763->766 767 7d98750-7d98759 763->767 772 7d98773-7d98780 766->772 773 7d98767-7d9876a 766->773 767->766 777 7d98792 772->777 778 7d98782-7d98790 772->778 774 7d9876f-7d98771 773->774 776 7d987cb-7d987cd 774->776 779 7d987da-7d987e7 776->779 780 7d987cf-7d987d8 776->780 781 7d98794-7d98798 777->781 778->781 787 7d987ed-7d98801 779->787 788 7d98ad2 779->788 780->779 783 7d9879b-7d987c9 781->783 784 7d9879a 781->784 783->776 784->783 793 7d98803-7d98805 787->793 794 7d98807 787->794 873 7d98ad4 call e005e0 788->873 874 7d98ad4 call e00606 788->874 791 7d98ada-7d98ae1 796 7d9880a-7d9882d 793->796 794->796 799 7d9882f-7d98831 796->799 800 7d98833 796->800 801 7d98836-7d98861 799->801 800->801 804 7d98871-7d988a0 801->804 805 7d98863-7d9886f 801->805 810 7d989a6-7d989aa 804->810 811 7d988a6 804->811 805->804 813 7d989ac-7d989b9 810->813 814 7d989be-7d989ca 810->814 812 7d988a9-7d988b4 811->812 815 7d98924-7d98960 call 7d982c8 812->815 816 7d988b6-7d988e1 812->816 820 7d98ac8-7d98ad0 813->820 821 7d989cc-7d989d0 814->821 822 7d989d6-7d989ed 814->822 839 7d98999-7d989a0 815->839 840 7d98962-7d9897a 815->840 834 7d988e8-7d98922 816->834 835 7d988e3 816->835 820->788 821->820 821->822 832 7d989f3-7d98a15 822->832 833 7d98a85-7d98a9e 822->833 852 7d98a1c-7d98a4e 832->852 853 7d98a17 832->853 841 7d98aa9 833->841 842 7d98aa0 833->842 834->839 835->834 839->810 839->812 847 7d9898c 840->847 848 7d9897c-7d9898a 840->848 841->820 842->841 850 7d98991-7d98996 847->850 848->850 850->839 861 7d98a50-7d98a61 852->861 862 7d98a63-7d98a6d 852->862 853->852 863 7d98a74-7d98a7f 861->863 862->863 863->832 863->833 866->743 867->743 868->720 869->720 870->720 871->720 872->720 873->791 874->791
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: L.Wl$L.Wl$\OWl
                                                                                                                                                                                • API String ID: 0-2504573220
                                                                                                                                                                                • Opcode ID: a212b50f3c31bb9e2732b1a08d97553b92fe6866139534c5975989cfab8e2601
                                                                                                                                                                                • Instruction ID: 0c4496a39edab0cc3bab3a134dcf7ad8ed30ed980318f184b00f753a969b5806
                                                                                                                                                                                • Opcode Fuzzy Hash: a212b50f3c31bb9e2732b1a08d97553b92fe6866139534c5975989cfab8e2601
                                                                                                                                                                                • Instruction Fuzzy Hash: 97027874B00205CFCB18EBB8D998AAEB7F2AF89304F244479D406EB790DB359C45DB51
                                                                                                                                                                                Function 07DFBFB9 Relevance: 4.0, Strings: 3, Instructions: 286COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 875 7dfbfb9-7dfbfdd 876 7dfc109-7dfc10d 875->876 877 7dfbfe3-7dfc032 875->877 943 7dfc110 call e005e0 876->943 944 7dfc110 call 7dfbfb9 876->944 945 7dfc110 call e00606 876->945 946 7dfc110 call 7dfc138 876->946 948 7dfc035 call 7dfbfb9 877->948 949 7dfc035 call 7dfc138 877->949 878 7dfc116-7dfc11d 884 7dfc03b 885 7dfc03e-7dfc052 884->885 887 7dfc058-7dfc070 885->887 888 7dfc0f3-7dfc101 885->888 891 7dfc0aa-7dfc0b8 887->891 892 7dfc072-7dfc081 887->892 888->885 889 7dfc107 888->889 889->878 895 7dfc0ea-7dfc0ec 891->895 896 7dfc0ba-7dfc0d4 891->896 892->891 897 7dfc083-7dfc0a3 892->897 895->888 902 7dfc11e-7dfc132 896->902 903 7dfc0d6-7dfc0e3 896->903 897->891 907 7dfc13b-7dfc1dd 902->907 908 7dfc134-7dfc139 902->908 903->895 917 7dfc1df-7dfc1e4 907->917 918 7dfc1e6-7dfc218 907->918 908->907 919 7dfc21b-7dfc259 917->919 918->919 927 7dfc28c-7dfc2b0 919->927 928 7dfc25b-7dfc28a 919->928 932 7dfc2b8-7dfc2d4 call 7dfca50 927->932 928->932 934 7dfc2da-7dfc2f4 932->934 937 7dfc2f6-7dfc33e 934->937 938 7dfc345-7dfc34c 934->938 937->938 943->878 944->878 945->878 946->878 948->884 949->884
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl$\OWl$\OWl
                                                                                                                                                                                • API String ID: 0-2417892551
                                                                                                                                                                                • Opcode ID: 9dcf09ad5769c235123d23e02ffc44863f896b6be08080f186fadf302d50cf85
                                                                                                                                                                                • Instruction ID: 175cc67eb30a3107a98036647168294ed5ac7d1c29b53d666c2bd1d07d2f5a96
                                                                                                                                                                                • Opcode Fuzzy Hash: 9dcf09ad5769c235123d23e02ffc44863f896b6be08080f186fadf302d50cf85
                                                                                                                                                                                • Instruction Fuzzy Hash: A8B14CB5A00205DFCB15DFA4D944AAEFBF2FF88310F158569E506AB760CB35AC41CBA1
                                                                                                                                                                                Function 07DD42B0 Relevance: 3.9, Strings: 3, Instructions: 175COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 950 7dd42b0-7dd42be 951 7dd4329-7dd43e5 950->951 952 7dd42c0-7dd42c3 950->952 957 7dd43ec-7dd4420 951->957 952->951 953 7dd42c5-7dd42c9 952->953 955 7dd42eb-7dd4311 953->955 956 7dd42cb-7dd42d1 953->956 955->957 963 7dd4317-7dd4328 955->963 956->957 958 7dd42d7-7dd42df 956->958 964 7dd448a-7dd4496 957->964 965 7dd4422-7dd443e 957->965 958->955 961 7dd42e1-7dd42e3 958->961 961->955 970 7dd4498-7dd44ac 964->970 971 7dd44b3-7dd44c6 964->971 965->964 985 7dd44ae call e005e0 970->985 986 7dd44ae call e00606 970->986 987 7dd44ae call 7dd4500 970->987 988 7dd44ae call 7dd44f0 970->988 972 7dd44ce-7dd44e9 971->972 974 7dd44b1 974->972 985->974 986->974 987->974 988->974
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl$\OWl$\OWl
                                                                                                                                                                                • API String ID: 0-2417892551
                                                                                                                                                                                • Opcode ID: 56b51993dd6b66cec7579b86c91b5eaaf96d35397a5480984695e58afb08f8cd
                                                                                                                                                                                • Instruction ID: 0fe3990fc5e07a5b2349ce1e1d4c825fe0a57e0d37c8773eb4f0491304c440fa
                                                                                                                                                                                • Opcode Fuzzy Hash: 56b51993dd6b66cec7579b86c91b5eaaf96d35397a5480984695e58afb08f8cd
                                                                                                                                                                                • Instruction Fuzzy Hash: E9510470B002409FCB14DFA9D8459AEBBF6EF85310B10856DE9569B7A1DB30EC45CBA1
                                                                                                                                                                                Function 07758EB0 Relevance: 3.8, Strings: 3, Instructions: 99COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1079 7758eb0-7758ecd 1111 7758ed0 call e005e0 1079->1111 1112 7758ed0 call e00606 1079->1112 1080 7758ed6-7758eda 1081 7758f05-7758f09 1080->1081 1082 7758edc-7758f03 1080->1082 1083 7758f0d-7758f1e 1081->1083 1084 7758f0b 1081->1084 1094 7758f79-7758f88 1082->1094 1086 7758f25-7758f29 1083->1086 1084->1086 1088 7758f30-7758f33 1086->1088 1089 7758f2b-7758f2e 1086->1089 1091 7758f36-7758f5e 1088->1091 1089->1091 1100 7758f60 1091->1100 1101 7758f62 1091->1101 1098 7758fba-7758fd4 1094->1098 1099 7758f8a-7758f8e 1094->1099 1102 7758f90-7758f99 1099->1102 1103 7758faf 1099->1103 1105 7758f65-7758f6c 1100->1105 1101->1105 1107 7758fa0-7758fa3 1102->1107 1108 7758f9b-7758f9e 1102->1108 1104 7758fb2 1103->1104 1104->1098 1105->1094 1110 7758f6e-7758f71 1105->1110 1109 7758fad 1107->1109 1108->1109 1109->1104 1110->1094 1111->1080 1112->1080
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (Wl$ (Wl$ (Wl
                                                                                                                                                                                • API String ID: 0-2211232075
                                                                                                                                                                                • Opcode ID: d009baf03248514feaf5a624cf0d73ee429769c6bc95a630897eb6fa3272687f
                                                                                                                                                                                • Instruction ID: 62494e3536fb99b45d07b9a633a187da869244cc99c75366a3ce3e384faca8b3
                                                                                                                                                                                • Opcode Fuzzy Hash: d009baf03248514feaf5a624cf0d73ee429769c6bc95a630897eb6fa3272687f
                                                                                                                                                                                • Instruction Fuzzy Hash: 71318FB0700206CFCB24DF24C8456AE77F2EB9D290F140629E8169B784DB70EC518BD2
                                                                                                                                                                                Function 07DFCA50 Relevance: 3.1, Strings: 2, Instructions: 580COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 1412 7dfca50-7dfca52 1413 7dfca5b-7dfca5c 1412->1413 1414 7dfca54-7dfca5a 1412->1414 1415 7dfca5e 1413->1415 1416 7dfca99 1413->1416 1414->1413 1417 7dfca63-7dfca66 1414->1417 1419 7dfca67-7dfca75 1415->1419 1420 7dfca60-7dfca61 1415->1420 1418 7dfca9a 1416->1418 1417->1419 1421 7dfca9b-7dfcaa3 1418->1421 1431 7dfca97 1419->1431 1432 7dfca77-7dfca78 1419->1432 1420->1417 1422 7dfcd77-7dfcd86 1421->1422 1424 7dfcd8c-7dfcd96 1422->1424 1425 7dfcaa8-7dfcab7 1422->1425 1426 7dfcabe-7dfcac7 1425->1426 1427 7dfcab9 1425->1427 1429 7dfcacd-7dfcaf0 1426->1429 1430 7dfcd99-7dfcdaa 1426->1430 1427->1426 1429->1430 1438 7dfcaf6-7dfcb09 1429->1438 1436 7dfcdac-7dfcdb1 1430->1436 1437 7dfcdb3-7dfcde1 1430->1437 1431->1421 1432->1416 1433 7dfca7a-7dfca84 1432->1433 1433->1418 1443 7dfca86-7dfca8f 1433->1443 1436->1437 1446 7dfcdfd-7dfce09 1437->1446 1441 7dfcb0b-7dfcb2b 1438->1441 1442 7dfcb33-7dfcb46 1438->1442 1441->1442 1448 7dfcb98-7dfcba2 1442->1448 1449 7dfcb48-7dfcb54 1442->1449 1443->1431 1456 7dfce0b-7dfce23 1446->1456 1457 7dfce25-7dfce31 1446->1457 1453 7dfcba8-7dfcc20 1448->1453 1454 7dfccd0-7dfcce9 1448->1454 1450 7dfcb56-7dfcb59 1449->1450 1451 7dfcb73-7dfcb91 1449->1451 1458 7dfcb5c-7dfcb61 1450->1458 1451->1448 1501 7dfcc5e-7dfcc6c 1453->1501 1502 7dfcc22-7dfcc31 1453->1502 1615 7dfcceb call e005e0 1454->1615 1616 7dfcceb call e00606 1454->1616 1617 7dfcceb call 7dfcdb0 1454->1617 1618 7dfcceb call 7dfca50 1454->1618 1456->1457 1476 7dfcde3-7dfcdf4 1456->1476 1467 7dfce48-7dfce4c 1457->1467 1468 7dfce33-7dfce46 1457->1468 1458->1430 1460 7dfcb67-7dfcb6c 1458->1460 1460->1451 1465 7dfcb6e-7dfcb71 1460->1465 1462 7dfccf1-7dfcd36 1492 7dfcd3e-7dfcd74 1462->1492 1465->1451 1465->1458 1472 7dfce4e-7dfce5a 1467->1472 1473 7dfce60-7dfcefd 1467->1473 1468->1467 1468->1473 1472->1473 1483 7dfd1df-7dfd1e9 1472->1483 1534 7dfceff-7dfcf23 1473->1534 1535 7dfcf25-7dfcf31 1473->1535 1485 7dfd1fe-7dfd216 1476->1485 1486 7dfcdfa 1476->1486 1489 7dfd1f1-7dfd1fb 1483->1489 1496 7dfd21f-7dfd24d 1485->1496 1497 7dfd218-7dfd21e 1485->1497 1486->1446 1492->1422 1519 7dfd24f-7dfd255 1496->1519 1520 7dfd257-7dfd25d 1496->1520 1497->1496 1511 7dfcc6e-7dfcc89 1501->1511 1512 7dfcca4-7dfccce 1501->1512 1502->1501 1508 7dfcc33-7dfcc57 1502->1508 1508->1501 1511->1430 1527 7dfcc8f-7dfcc9d 1511->1527 1512->1492 1524 7dfd260-7dfd2dc 1519->1524 1520->1524 1562 7dfd2de-7dfd2f2 1524->1562 1563 7dfd2f4-7dfd305 1524->1563 1527->1512 1548 7dfcf98-7dfcfdc 1534->1548 1539 7dfcf7f-7dfcf91 1535->1539 1540 7dfcf33-7dfcf7d 1535->1540 1539->1548 1540->1548 1565 7dfcfde-7dfd015 1548->1565 1566 7dfd040-7dfd044 1548->1566 1575 7dfd30c-7dfd320 1562->1575 1563->1575 1619 7dfd017 call 7dfecb8 1565->1619 1620 7dfd017 call 7dfeca8 1565->1620 1569 7dfd046-7dfd060 1566->1569 1570 7dfd063-7dfd067 1566->1570 1569->1570 1572 7dfd0d9-7dfd0e3 1570->1572 1573 7dfd069-7dfd07c 1570->1573 1578 7dfd0eb-7dfd102 1572->1578 1573->1572 1580 7dfd07e-7dfd08a call 7dfef9b 1573->1580 1588 7dfd104-7dfd14e 1578->1588 1589 7dfd150-7dfd193 1578->1589 1584 7dfd090-7dfd0b7 1580->1584 1584->1578 1599 7dfd0b9-7dfd0d7 call 7dfbe68 1584->1599 1608 7dfd19a-7dfd1a8 1588->1608 1589->1608 1590 7dfd01d-7dfd039 1590->1566 1599->1578 1608->1489 1611 7dfd1aa-7dfd1dd 1608->1611 1611->1489 1615->1462 1616->1462 1617->1462 1618->1462 1619->1590 1620->1590
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl$\OWl
                                                                                                                                                                                • API String ID: 0-1681161046
                                                                                                                                                                                • Opcode ID: bc8c9f192a78ccaa356eb93991f105c51fbd3fbf999608d2366c62ca75454fea
                                                                                                                                                                                • Instruction ID: 5104bd0e898dea2e962312163a229de33f86902a99db2b3d01dd7e387b06bf96
                                                                                                                                                                                • Opcode Fuzzy Hash: bc8c9f192a78ccaa356eb93991f105c51fbd3fbf999608d2366c62ca75454fea
                                                                                                                                                                                • Instruction Fuzzy Hash: 593239B4B00209DFCB15DF64C594AAEF7B2FF88304B158569E909AB750CB35EC52CBA1
                                                                                                                                                                                Function 0775DAD0 Relevance: 2.9, Strings: 2, Instructions: 353COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl$\OWl
                                                                                                                                                                                • API String ID: 0-1681161046
                                                                                                                                                                                • Opcode ID: 95745892e418567b00f671fa0cc7d106636f0a8cff254b84e3836b5268a3c830
                                                                                                                                                                                • Instruction ID: 12d46a5bf9828dc712e94eb9aa04f5ff205576d72930720d777ccd407bb672cc
                                                                                                                                                                                • Opcode Fuzzy Hash: 95745892e418567b00f671fa0cc7d106636f0a8cff254b84e3836b5268a3c830
                                                                                                                                                                                • Instruction Fuzzy Hash: DFD16174B002149BDB14EBA48D917AEB6F2AF88704F24911CE606BF7C4DF71DC169B92
                                                                                                                                                                                Function 07D9DF81 Relevance: 2.8, Strings: 2, Instructions: 280COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: ,)Wl$,)Wl
                                                                                                                                                                                • API String ID: 0-2775975601
                                                                                                                                                                                • Opcode ID: e17bc59fa5715605b63a71b06e28a380e5ab15b43822caa5712f44d923b84686
                                                                                                                                                                                • Instruction ID: 2f5f49ad1f7b59a0161bfb36b996027d6d4f66334c59cc8825de610814a5debe
                                                                                                                                                                                • Opcode Fuzzy Hash: e17bc59fa5715605b63a71b06e28a380e5ab15b43822caa5712f44d923b84686
                                                                                                                                                                                • Instruction Fuzzy Hash: C1A15C71A00209DFCB14DFB9D8586EDBBF2BF89304F248079E509AB760DB35994ACB51
                                                                                                                                                                                Function 07DFAA70 Relevance: 2.7, Strings: 2, Instructions: 248COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl$\OWl
                                                                                                                                                                                • API String ID: 0-1681161046
                                                                                                                                                                                • Opcode ID: 0d6729ec2d5e43e34eaa6c417d1b9247fad2c6455c5eeef47d4687b31ae8abf2
                                                                                                                                                                                • Instruction ID: 6e98e56a086f9f8e9359a6d7cc5edfd4cbead4d2f64af9fa4ca46aa5194995fa
                                                                                                                                                                                • Opcode Fuzzy Hash: 0d6729ec2d5e43e34eaa6c417d1b9247fad2c6455c5eeef47d4687b31ae8abf2
                                                                                                                                                                                • Instruction Fuzzy Hash: 1381DEB0B002058FCB18EF79D8945AABBF2FFCA2007258469D619CB795DB34DC45CBA1
                                                                                                                                                                                Function 07DF2798 Relevance: 2.7, Strings: 2, Instructions: 238COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl$\OWl
                                                                                                                                                                                • API String ID: 0-1681161046
                                                                                                                                                                                • Opcode ID: 82885cf224960fc4c5f3dfe6775801f158588a35981200446a9b8f7722c6f069
                                                                                                                                                                                • Instruction ID: f9bca788292caba409e7df063cf7b8087b090d85ce9e0ffd0012fd16cc489cae
                                                                                                                                                                                • Opcode Fuzzy Hash: 82885cf224960fc4c5f3dfe6775801f158588a35981200446a9b8f7722c6f069
                                                                                                                                                                                • Instruction Fuzzy Hash: E581C270B002508FCB08AFB995555AE7BF6FFC9210B28812AE555DB7A1DF34CC46C762
                                                                                                                                                                                Function 07753658 Relevance: 2.7, Strings: 2, Instructions: 234COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: *Wl$*Wl
                                                                                                                                                                                • API String ID: 0-4173007665
                                                                                                                                                                                • Opcode ID: 0c7a26c1ae18b6e19112756d0012435d6e75ee307a2606051fce0b3af8d8b952
                                                                                                                                                                                • Instruction ID: ff7ec16cd5e7e1cd5393631a1ed6bfc3592a4c8fa81a45613ac85df9575a30ad
                                                                                                                                                                                • Opcode Fuzzy Hash: 0c7a26c1ae18b6e19112756d0012435d6e75ee307a2606051fce0b3af8d8b952
                                                                                                                                                                                • Instruction Fuzzy Hash: 0E815BF4A10206EFCF149FA5C85497ABBB6FF852D8F108929EC069B724DB71DC118B61
                                                                                                                                                                                Function 07DDCE53 Relevance: 2.6, Strings: 2, Instructions: 112COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl$\OWl
                                                                                                                                                                                • API String ID: 0-1681161046
                                                                                                                                                                                • Opcode ID: 0ba4014e2a7bae66b8407dc77cb5c4a4d181d0ece1b166ed84ab1e73016c64ad
                                                                                                                                                                                • Instruction ID: 7bd4ad5342ad813b975afd1b45c09529f0bd5a719de4f0b7edf3d9a470a3005a
                                                                                                                                                                                • Opcode Fuzzy Hash: 0ba4014e2a7bae66b8407dc77cb5c4a4d181d0ece1b166ed84ab1e73016c64ad
                                                                                                                                                                                • Instruction Fuzzy Hash: 6F418074B012549FCB05EB78C458ABDBBF6EF89310B1580AAE94ACB391CF359C45CB61
                                                                                                                                                                                Function 07757AB0 Relevance: 2.6, Strings: 2, Instructions: 52COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: ,)Wl$,)Wl
                                                                                                                                                                                • API String ID: 0-2775975601
                                                                                                                                                                                • Opcode ID: 7a00531cd77323a7f4d507b5022e85196e6c782a478130796d48aaaa5ffb72ba
                                                                                                                                                                                • Instruction ID: 986ff0acd1b009c1a5adc0b180a7c336019b4c8a32b16d62a51e10f246acedaf
                                                                                                                                                                                • Opcode Fuzzy Hash: 7a00531cd77323a7f4d507b5022e85196e6c782a478130796d48aaaa5ffb72ba
                                                                                                                                                                                • Instruction Fuzzy Hash: 66112530600300CFC318EF2ACC45996B7F2AF89308724C96DD0499FB5ADB70E80A8BD2
                                                                                                                                                                                Function 07751BF0 Relevance: 1.8, Strings: 1, Instructions: 517COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (Wl
                                                                                                                                                                                • API String ID: 0-114721178
                                                                                                                                                                                • Opcode ID: b2d0b6ff5c3819f602b48e6c777f37129f3db91426ffb74b7c461fbaa9c23ba4
                                                                                                                                                                                • Instruction ID: dd4b2c84d6d02921758bb543b09b508060e5a09c768709b9c7f6d2e95d66d513
                                                                                                                                                                                • Opcode Fuzzy Hash: b2d0b6ff5c3819f602b48e6c777f37129f3db91426ffb74b7c461fbaa9c23ba4
                                                                                                                                                                                • Instruction Fuzzy Hash: BB224A71A0062E8FDB25CF64C8407DAB7B2AF46345F428494DD08BF255D7B1AE8ACF91
                                                                                                                                                                                Function 07DD8D38 Relevance: 1.7, Strings: 1, Instructions: 462COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl
                                                                                                                                                                                • API String ID: 0-1789346587
                                                                                                                                                                                • Opcode ID: 68ccd938b4a84662ca47559262b614758fbb6fc19b02ca4eb03c8e1df440d651
                                                                                                                                                                                • Instruction ID: 2ce7b852b4d2da9b1382df73c4bd86b5aa299f816a9d4daf1f4a8f379abca797
                                                                                                                                                                                • Opcode Fuzzy Hash: 68ccd938b4a84662ca47559262b614758fbb6fc19b02ca4eb03c8e1df440d651
                                                                                                                                                                                • Instruction Fuzzy Hash: 60028AB0B002058FCB16DB69C8949AEF7F6FF88314B148529E446DB7A0DB35EC46CB61
                                                                                                                                                                                Function 07DFCDB0 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl
                                                                                                                                                                                • API String ID: 0-1789346587
                                                                                                                                                                                • Opcode ID: 93a17e754cb40ee00fec1051013338e5b940b79f28ea5e9e04b87569c938aaf4
                                                                                                                                                                                • Instruction ID: f91be5d3d19e91fd052e023eafc5c3e0def8404e5c848a75689fa01f4fdae809
                                                                                                                                                                                • Opcode Fuzzy Hash: 93a17e754cb40ee00fec1051013338e5b940b79f28ea5e9e04b87569c938aaf4
                                                                                                                                                                                • Instruction Fuzzy Hash: 34022AB4B00205DFCB15EF74C594AAEB7B2FF89315B108569E50A9B750CB35EC42CBA1
                                                                                                                                                                                Function 07DF85D0 Relevance: 1.7, Strings: 1, Instructions: 415COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @MWl
                                                                                                                                                                                • API String ID: 0-1944878930
                                                                                                                                                                                • Opcode ID: 305eefccb297acf1bca0a8438a76b6a1e70c06998968985fe71d21cae53db3a3
                                                                                                                                                                                • Instruction ID: bf835c7966f0842c8336fc241a7da68d6b988e1e7aa19ec35c23c79eb1fc854c
                                                                                                                                                                                • Opcode Fuzzy Hash: 305eefccb297acf1bca0a8438a76b6a1e70c06998968985fe71d21cae53db3a3
                                                                                                                                                                                • Instruction Fuzzy Hash: 5D021774A00208CFCB14DFA9C484AADBBF5FF89315F1580A9E906EB761DB31AD46CB51
                                                                                                                                                                                Function 07DDFBD8 Relevance: 1.6, Strings: 1, Instructions: 380COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl
                                                                                                                                                                                • API String ID: 0-1789346587
                                                                                                                                                                                • Opcode ID: d6e723fcb371411f4dd69bd49b58ea1a8aa626159b9b613c6994a7f0440abd88
                                                                                                                                                                                • Instruction ID: 6852450f89b99e5d38e2634bccffeef6513d2a94962d3ad9e7c5c5638b4f4a10
                                                                                                                                                                                • Opcode Fuzzy Hash: d6e723fcb371411f4dd69bd49b58ea1a8aa626159b9b613c6994a7f0440abd88
                                                                                                                                                                                • Instruction Fuzzy Hash: 508187747102019FCB48AF79D8595AEBBE3AFC8304B208429E916CB7A0DF39CD46CB51
                                                                                                                                                                                Function 050C1653 Relevance: 1.6, APIs: 1, Instructions: 107registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 050C172D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                                                                • Opcode ID: 744f2d79853defae972c918c8698cae9c28a78c9de9cc0f877a75513ca15743d
                                                                                                                                                                                • Instruction ID: 4f92cef488541f0264aca2bb932ed35bea1acf813a49dfaa48be83efc06f5c45
                                                                                                                                                                                • Opcode Fuzzy Hash: 744f2d79853defae972c918c8698cae9c28a78c9de9cc0f877a75513ca15743d
                                                                                                                                                                                • Instruction Fuzzy Hash: 6331A071509384AFD722CB65DC44FA7BFFCEF06214F0845DAE9858B562D324E908CB61
                                                                                                                                                                                Function 050C2C52 Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ioctlsocket.WS2_32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C2D43
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ioctlsocket
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3577187118-0
                                                                                                                                                                                • Opcode ID: 80c89df1f9a5a2b04f33bb10197038243eefcda6cbc4c8635655bd57cdfa5582
                                                                                                                                                                                • Instruction ID: 9f0b9df27f4745f7f19f47c41062746e89eaa13b878567424a6d7ce16ffd8296
                                                                                                                                                                                • Opcode Fuzzy Hash: 80c89df1f9a5a2b04f33bb10197038243eefcda6cbc4c8635655bd57cdfa5582
                                                                                                                                                                                • Instruction Fuzzy Hash: 3D31597540E3C05FD7138B209C54BA6BFB4AF07214F0A84DBD9848F5A3C6685849C7B2
                                                                                                                                                                                Function 050C0CE6 Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • getaddrinfo.WS2_32(?,00000E24), ref: 050C0DC3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: getaddrinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 300660673-0
                                                                                                                                                                                • Opcode ID: 3908c9db70960536e34e964807e884166abca71a74164d419ad54680303b8fef
                                                                                                                                                                                • Instruction ID: eebea40ca8f47d96ef8dd33759e2ac1a240d5d6441ead7c177003f9f9f1e6fbc
                                                                                                                                                                                • Opcode Fuzzy Hash: 3908c9db70960536e34e964807e884166abca71a74164d419ad54680303b8fef
                                                                                                                                                                                • Instruction Fuzzy Hash: EF3192B2404384AFEB218B61DC54FA6FFBCEF06714F04449AF9849B192D275A909CB71
                                                                                                                                                                                Function 050C1E9D Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • VerLanguageNameW.KERNEL32(?,00000E24,?,?), ref: 050C1F6A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LanguageName
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2060303382-0
                                                                                                                                                                                • Opcode ID: 66da5ebd8cb43818d1a7b005ec8b030623200546b4fff0dde68041c5efaf3985
                                                                                                                                                                                • Instruction ID: 21de03c2af554d809987a4fd66f9e487d33760264d3a5949d793c51a9f62e478
                                                                                                                                                                                • Opcode Fuzzy Hash: 66da5ebd8cb43818d1a7b005ec8b030623200546b4fff0dde68041c5efaf3985
                                                                                                                                                                                • Instruction Fuzzy Hash: 5E314CB550E3C06FD7138B259C61A62BFB4EF87614B0A40DBE884CF5A3D6246919C772
                                                                                                                                                                                Function 050C09BC Relevance: 1.6, APIs: 1, Instructions: 94networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WSASocketW.WS2_32(?,?,?,?,?), ref: 050C0A6E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Socket
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 38366605-0
                                                                                                                                                                                • Opcode ID: aa94d04f49b47036dc7408228a4b112df7548a532f22eaf092b3c42a2b6f0ac4
                                                                                                                                                                                • Instruction ID: bc520cc92f1083661f95834465b910bcf453449af83898a1f6b84b63ab18cbe4
                                                                                                                                                                                • Opcode Fuzzy Hash: aa94d04f49b47036dc7408228a4b112df7548a532f22eaf092b3c42a2b6f0ac4
                                                                                                                                                                                • Instruction Fuzzy Hash: 7831A3714093C0AFD7238B61DC54F5ABFB5EF07210F0984DBE9858F5A3C265A908CB62
                                                                                                                                                                                Function 050C1538 Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,00000E24), ref: 050C1606
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                • Opcode ID: 66a9283f697affb86fea5947240c640a632b800d64ff47d5e48e744b2aff8add
                                                                                                                                                                                • Instruction ID: 77f155f8ec137ad746645dc73e49ded731bf1706c82e2beaa086de0cca057c42
                                                                                                                                                                                • Opcode Fuzzy Hash: 66a9283f697affb86fea5947240c640a632b800d64ff47d5e48e744b2aff8add
                                                                                                                                                                                • Instruction Fuzzy Hash: 2331C471408380AFE722CF50DC41FA6FBB8EF06714F08499EF9858B592D3A5A949CB61
                                                                                                                                                                                Function 050C2E8B Relevance: 1.6, APIs: 1, Instructions: 93windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FormatMessageW.KERNEL32(?,00000E24,?,?), ref: 050C2F4E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FormatMessage
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1306739567-0
                                                                                                                                                                                • Opcode ID: 87e527a96e16e8b30cb60b5d798bcbb5f0981b73b9f7108cedbc2fe10ef05236
                                                                                                                                                                                • Instruction ID: 582980dab5d6d0be56f64f1929011feb17665389616a2a67a676928ce5fa0359
                                                                                                                                                                                • Opcode Fuzzy Hash: 87e527a96e16e8b30cb60b5d798bcbb5f0981b73b9f7108cedbc2fe10ef05236
                                                                                                                                                                                • Instruction Fuzzy Hash: BE318F7150D3C45FD3038B258C61AA2BFB4EF47614F1A84CBD8C49F2A3D624691AC7A2
                                                                                                                                                                                Function 050C2D8D Relevance: 1.6, APIs: 1, Instructions: 92networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WSAIoctl.WS2_32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C2E41
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Ioctl
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3041054344-0
                                                                                                                                                                                • Opcode ID: 7316a0b977671b2eacb5c12d7094efe1e4acbdd0b0a2866f03c9823620b8b3bb
                                                                                                                                                                                • Instruction ID: b4c136a1788105b1907c48a593ae89e17111a38ea784775ae491d623d7153eb9
                                                                                                                                                                                • Opcode Fuzzy Hash: 7316a0b977671b2eacb5c12d7094efe1e4acbdd0b0a2866f03c9823620b8b3bb
                                                                                                                                                                                • Instruction Fuzzy Hash: 99319075409780AFDB22CF51DC44FA6BFF8EF06714F08849AE9859B562D334E909CB61
                                                                                                                                                                                Function 050C0648 Relevance: 1.6, APIs: 1, Instructions: 91timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcessTimes.KERNEL32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C06E5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ProcessTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1995159646-0
                                                                                                                                                                                • Opcode ID: 4ca4d616e8adfecb47d16e290df0dce9e4fc9f5103244a954898afd3982e378e
                                                                                                                                                                                • Instruction ID: 86e05e46297d54ce4e7351415a528453351db7a84cd3c4a6d8a54c8b9762ffd1
                                                                                                                                                                                • Opcode Fuzzy Hash: 4ca4d616e8adfecb47d16e290df0dce9e4fc9f5103244a954898afd3982e378e
                                                                                                                                                                                • Instruction Fuzzy Hash: 9A31E871409380AFDB128F61DC45FAABFB8EF06310F0984DAE9848B593D2259909C7A1
                                                                                                                                                                                Function 050C1775 Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegSetValueExW.KERNEL32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C182C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                • Opcode ID: 6cae46f389e0fe70ecdec529e28f01725d47c1a3da1012f380a97d5d71942e48
                                                                                                                                                                                • Instruction ID: 891fd0332999f19d7d9b4104df10cc272777593a5352700780bd3056ce5a9be0
                                                                                                                                                                                • Opcode Fuzzy Hash: 6cae46f389e0fe70ecdec529e28f01725d47c1a3da1012f380a97d5d71942e48
                                                                                                                                                                                • Instruction Fuzzy Hash: FD31A0755097806FE722CB219C85BA7BFF8EF06610F0885DEE8858B593D364E809C7A1
                                                                                                                                                                                Function 050C1692 Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 050C172D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                                                                • Opcode ID: 5fb57a5b7b4b4bb28217023d18ee172995ca3fad783f06883479a7f00cae3b49
                                                                                                                                                                                • Instruction ID: 7801ad863324e56238ea331af7206cde2722c44d5f0129a0f5bba8672cb44f6f
                                                                                                                                                                                • Opcode Fuzzy Hash: 5fb57a5b7b4b4bb28217023d18ee172995ca3fad783f06883479a7f00cae3b49
                                                                                                                                                                                • Instruction Fuzzy Hash: CA21A072500704AFEB20DF55DD44FABBBFCEF08614F04859AE945CAA52D720E508CA61
                                                                                                                                                                                Function 050C3DE4 Relevance: 1.6, APIs: 1, Instructions: 86networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WSASend.WS2_32(?,00000E24,?,?), ref: 050C3E92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Send
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 121738739-0
                                                                                                                                                                                • Opcode ID: 4b9ff597e5178f80b4e59418c4c4bb3c24bb3aec1996a4338fba8175977d43e6
                                                                                                                                                                                • Instruction ID: 14f8d20369c26952b49df9e314acb40e385c95e3e6b1bf4ae7bc9593538592ef
                                                                                                                                                                                • Opcode Fuzzy Hash: 4b9ff597e5178f80b4e59418c4c4bb3c24bb3aec1996a4338fba8175977d43e6
                                                                                                                                                                                • Instruction Fuzzy Hash: 10316D7140E3C05FC3138B658C61A62BFB4EF47620F1A84CBD884DF5A3D229A919C7A2
                                                                                                                                                                                Function 050C0381 Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateMutexW.KERNEL32(?,?), ref: 050C0421
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateMutex
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1964310414-0
                                                                                                                                                                                • Opcode ID: 3f567dfe3bf160d1f48d1aee6e57b64e9c2f92ecca7dc723d40582763ca0a4b2
                                                                                                                                                                                • Instruction ID: 5c78fdeba6ede0f339d72e435f88341b33f57853a12635c4e0c18f8741202e28
                                                                                                                                                                                • Opcode Fuzzy Hash: 3f567dfe3bf160d1f48d1aee6e57b64e9c2f92ecca7dc723d40582763ca0a4b2
                                                                                                                                                                                • Instruction Fuzzy Hash: F43191B1509380AFE711CB65DC55F5AFFF8EF06210F0884DAE9848B292D365E909CB61
                                                                                                                                                                                Function 050C0D1E Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • getaddrinfo.WS2_32(?,00000E24), ref: 050C0DC3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: getaddrinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 300660673-0
                                                                                                                                                                                • Opcode ID: 71302fe5ba08339c1f41e3637cd974714faf99b8409e309e51661a9f06d8c42c
                                                                                                                                                                                • Instruction ID: b8397ef3a8a24e3d871676037d27657f110c32fd7270ffca931328c46d75f40e
                                                                                                                                                                                • Opcode Fuzzy Hash: 71302fe5ba08339c1f41e3637cd974714faf99b8409e309e51661a9f06d8c42c
                                                                                                                                                                                • Instruction Fuzzy Hash: 79219171500204AEEB20DF50DC85FAAFBACEF04714F04489AFA499A691D775A949CBB1
                                                                                                                                                                                Function 050C0006 Relevance: 1.6, APIs: 1, Instructions: 83fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileView
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3314676101-0
                                                                                                                                                                                • Opcode ID: 6ec20a2ceea61a20f331f70c6f1a9b9e05381409fd147e9bb7521ce04b68e6e1
                                                                                                                                                                                • Instruction ID: d0a7f20ca74bf1f21aa60caf7c308608a7b07323cb7a1eb5cbd964fb6a2a8d49
                                                                                                                                                                                • Opcode Fuzzy Hash: 6ec20a2ceea61a20f331f70c6f1a9b9e05381409fd147e9bb7521ce04b68e6e1
                                                                                                                                                                                • Instruction Fuzzy Hash: 76318471409380AFD722CF55DC44F96FFF8EF06224F04449AE5858B652D365A949CB62
                                                                                                                                                                                Function 050C331A Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegNotifyChangeKeyValue.KERNEL32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C33C4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ChangeNotifyValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3933585183-0
                                                                                                                                                                                • Opcode ID: d943ca4bbedcd368a204ed5dd0729b755f3f7eb182023499db9f42ae447b6aae
                                                                                                                                                                                • Instruction ID: 05c555b10ee8aafb9f009f0e6677dae143eabb36288605d468876a8e4ec8335d
                                                                                                                                                                                • Opcode Fuzzy Hash: d943ca4bbedcd368a204ed5dd0729b755f3f7eb182023499db9f42ae447b6aae
                                                                                                                                                                                • Instruction Fuzzy Hash: ED3193B14093846FEB22CB50DC44FA7FFF8EF46314F08889AE9859B552D264A509C7B1
                                                                                                                                                                                Function 050C3120 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 050C31B9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CurrentOpenUser
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1571386571-0
                                                                                                                                                                                • Opcode ID: ebd5c1cd8c90f96b672bed3bd213bdfac409de21babd0e9ff786cfca7df3b061
                                                                                                                                                                                • Instruction ID: a7c8c12e578191ad878f7efbef614420dc30650f3c562a0c6fe8fd004bb11e7e
                                                                                                                                                                                • Opcode Fuzzy Hash: ebd5c1cd8c90f96b672bed3bd213bdfac409de21babd0e9ff786cfca7df3b061
                                                                                                                                                                                • Instruction Fuzzy Hash: F021E4714093806FEB228B219C45FAABFB8EF06214F0984DAE9448F153D264990DC771
                                                                                                                                                                                Function 050C1F96 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTokenInformation.KERNELBASE(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C2020
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InformationToken
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4114910276-0
                                                                                                                                                                                • Opcode ID: ddea92ffeed8ccbcffdd962a5c0251ba30d5df00e7f46cd5824eb6fbd704aa0e
                                                                                                                                                                                • Instruction ID: 0e6bd70c82634ccfb7ebb5f24d9aec99bd9b36b4d9741c1579c59f54d6314099
                                                                                                                                                                                • Opcode Fuzzy Hash: ddea92ffeed8ccbcffdd962a5c0251ba30d5df00e7f46cd5824eb6fbd704aa0e
                                                                                                                                                                                • Instruction Fuzzy Hash: 5121A171505340AFD721CF51DC44FABBBBCEF05214F04849AE985CB552D224A908CBB1
                                                                                                                                                                                Function 050C2CB0 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ioctlsocket.WS2_32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C2D43
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ioctlsocket
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3577187118-0
                                                                                                                                                                                • Opcode ID: ab2ac73cbaf9851b82f6b0ebc0f9a240bc2aa620a63d33e0a8a400514f586544
                                                                                                                                                                                • Instruction ID: 8c1ebc3d5183057dd1beb07cd0a30c50884d9d50b9bd39b426a48b1176cb0159
                                                                                                                                                                                • Opcode Fuzzy Hash: ab2ac73cbaf9851b82f6b0ebc0f9a240bc2aa620a63d33e0a8a400514f586544
                                                                                                                                                                                • Instruction Fuzzy Hash: F52191714097C06FD722CB609C44F96BFB8EF46214F0984DBE984DF5A3D268A909C772
                                                                                                                                                                                Function 050C1394 Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 050C143A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Enum
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2928410991-0
                                                                                                                                                                                • Opcode ID: 2515ec6f285ae1b5b4454e2f3c178944e3755444ca1baac26ff902a2d5f7602d
                                                                                                                                                                                • Instruction ID: 4e6221a28d69eb8e0cce4be50f0e1f5f249379ff74c45981c225dc859a4693e1
                                                                                                                                                                                • Opcode Fuzzy Hash: 2515ec6f285ae1b5b4454e2f3c178944e3755444ca1baac26ff902a2d5f7602d
                                                                                                                                                                                • Instruction Fuzzy Hash: 42216D7550E3C06FC3138B358C55A56BFB4EF87610F1E80CFD8848B6A3D225A91AC7A2
                                                                                                                                                                                Function 050C3A7F Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetAdaptersAddresses.IPHLPAPI(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C3B11
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AdaptersAddresses
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2506852604-0
                                                                                                                                                                                • Opcode ID: 60f415d4a6dcb2dd353ec13dbf69580eb48b412bee904983cf5769abaea575d4
                                                                                                                                                                                • Instruction ID: 86a7517164d233d08344f74688f8f2bf2f30d67b9e166ee78653a2fc7cc37a02
                                                                                                                                                                                • Opcode Fuzzy Hash: 60f415d4a6dcb2dd353ec13dbf69580eb48b412bee904983cf5769abaea575d4
                                                                                                                                                                                • Instruction Fuzzy Hash: 5021C7714093806FD7228F51DC44FA6FFB8EF06314F0884DAE9848B592D324A809CB71
                                                                                                                                                                                Function 050C1572 Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegQueryValueExA.KERNELBASE(?,00000E24), ref: 050C1606
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                • Opcode ID: 215b83482d4e5f4e69b82005e11be7fe448d833a8eeeb67031174e400da98b9f
                                                                                                                                                                                • Instruction ID: 156c99d991b929dc5e3fd7cc113d2bdada928491aa0d3c66a89e0f6e14881583
                                                                                                                                                                                • Opcode Fuzzy Hash: 215b83482d4e5f4e69b82005e11be7fe448d833a8eeeb67031174e400da98b9f
                                                                                                                                                                                • Instruction Fuzzy Hash: 0721B072500204AFEB21DF51DC40FBAFBA8EF04714F04895AFA458A691D3B5A949CBB1
                                                                                                                                                                                Function 050C2857 Relevance: 1.6, APIs: 1, Instructions: 74libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,00000E24), ref: 050C28F7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                                • Opcode ID: 393ec4247ff154343ea4b13b4cc05940b574e011a8967ebb28f7caeaa1124dfb
                                                                                                                                                                                • Instruction ID: c1c6b151eab87556e7bbbd1220740517a65a83404f0d022283910c9140e85503
                                                                                                                                                                                • Opcode Fuzzy Hash: 393ec4247ff154343ea4b13b4cc05940b574e011a8967ebb28f7caeaa1124dfb
                                                                                                                                                                                • Instruction Fuzzy Hash: 322107754093806FE722CB11DC45FA6FFF8EF06720F0880DAE9848F592D268A949C7B1
                                                                                                                                                                                Function 050C1C6E Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 050C1CEF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileInfoSizeVersion
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1661704012-0
                                                                                                                                                                                • Opcode ID: 4c95983e74b61475230c1dbd028c22c24f725cd16401ca5c50731887e4e57465
                                                                                                                                                                                • Instruction ID: 21768abd4eabbd714ed1c7bbec70e25e0dd3be25f9d9890422efb9e8597be330
                                                                                                                                                                                • Opcode Fuzzy Hash: 4c95983e74b61475230c1dbd028c22c24f725cd16401ca5c50731887e4e57465
                                                                                                                                                                                • Instruction Fuzzy Hash: A021917140D3C49FD7128B24DC95A56BFA4AF07224F1D84DED8848F163D229A809C762
                                                                                                                                                                                Function 050C190D Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,?,17210305,00000000,?,?,?,?,?,?,?,?,6CEA3C58), ref: 050C198B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateDirectory
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4241100979-0
                                                                                                                                                                                • Opcode ID: d5d191887a1712a78f58b23490d27b22f1291a089063b7a3755be1a3157360c3
                                                                                                                                                                                • Instruction ID: ad1e1dffe20f3cd43a4929fc6614a75b3b4191cbba306b8f72389f2680fc673f
                                                                                                                                                                                • Opcode Fuzzy Hash: d5d191887a1712a78f58b23490d27b22f1291a089063b7a3755be1a3157360c3
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A218E755093805FD712CB25DC95B96BFE8EF07220F0984EEE885CF2A3D228D849CB61
                                                                                                                                                                                Function 050C2F86 Relevance: 1.6, APIs: 1, Instructions: 73networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WSAEventSelect.WS2_32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C300A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EventSelect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 31538577-0
                                                                                                                                                                                • Opcode ID: 40b219757c73fba33ee4113f78c18494a7209e889f2523937b6e8f24487e2494
                                                                                                                                                                                • Instruction ID: 827b19e9eeb89c0bc857242dab24a1eaf6f25ca3b3792d5f137988d6edaa028d
                                                                                                                                                                                • Opcode Fuzzy Hash: 40b219757c73fba33ee4113f78c18494a7209e889f2523937b6e8f24487e2494
                                                                                                                                                                                • Instruction Fuzzy Hash: F32192B24093846FD721CB51DC84FA7FBFCEF45614F08849BE9459B652D234A508CBB5
                                                                                                                                                                                Function 050C03AE Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateMutexW.KERNEL32(?,?), ref: 050C0421
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateMutex
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1964310414-0
                                                                                                                                                                                • Opcode ID: e6301557b67f26221e91399e232bc5d43d9719f06cfce7fbe95753b7a7f79819
                                                                                                                                                                                • Instruction ID: 561edc538ea51a2a4151b1f0a783aa0d8dbfe49862ff5080415f6b8b57804280
                                                                                                                                                                                • Opcode Fuzzy Hash: e6301557b67f26221e91399e232bc5d43d9719f06cfce7fbe95753b7a7f79819
                                                                                                                                                                                • Instruction Fuzzy Hash: 5E21AFB15042049FE720CF65DD85BAEFBE8EF05614F0484AEED498B641D775E409CA61
                                                                                                                                                                                Function 050C2DC6 Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WSAIoctl.WS2_32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C2E41
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Ioctl
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3041054344-0
                                                                                                                                                                                • Opcode ID: 63b7e6a87f2abedf7bab85646efa7dd8b268c7b32122d122f3c2120c79cd81e5
                                                                                                                                                                                • Instruction ID: 92c7236e861d8bf6b5b74114ad4122cbbb10fba05f33ab94fb9bdfc4999f36d4
                                                                                                                                                                                • Opcode Fuzzy Hash: 63b7e6a87f2abedf7bab85646efa7dd8b268c7b32122d122f3c2120c79cd81e5
                                                                                                                                                                                • Instruction Fuzzy Hash: 4C218075500200AFEB21CF51DC44FAAFBE8EF05714F0484AEED859BA51D370E809CBA1
                                                                                                                                                                                Function 050C37E6 Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetNetworkParams.IPHLPAPI(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C3870
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: NetworkParams
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2134775280-0
                                                                                                                                                                                • Opcode ID: 1cf6006b813eb262bb87adab76ea4e1d94cce2ac819d05a031367f1f492d3aa1
                                                                                                                                                                                • Instruction ID: 9519541d4fdb6afb2e10d36703f866eeb975c600376e4c6fdaabc54affb1089f
                                                                                                                                                                                • Opcode Fuzzy Hash: 1cf6006b813eb262bb87adab76ea4e1d94cce2ac819d05a031367f1f492d3aa1
                                                                                                                                                                                • Instruction Fuzzy Hash: 2421A4714093806FD7128B11DC44FA6FFB8EF46224F0984DBE9448F693D268A949CBB2
                                                                                                                                                                                Function 050C3054 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RasConnectionNotificationW.RASAPI32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C30E3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ConnectionNotification
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1402429939-0
                                                                                                                                                                                • Opcode ID: 6c5869d6a62acedc18dd5e2241b380147d3085e477080fbc57d1431e0709f5ab
                                                                                                                                                                                • Instruction ID: 6b1fcea9503f0dfced9eef1bb52a68dea81c5d5040a4972a7ca8685215b333db
                                                                                                                                                                                • Opcode Fuzzy Hash: 6c5869d6a62acedc18dd5e2241b380147d3085e477080fbc57d1431e0709f5ab
                                                                                                                                                                                • Instruction Fuzzy Hash: 5921D4B54093846FD7228B10DC45FA6FFB8EF42314F0984DBE9848B593D264A908CBB1
                                                                                                                                                                                Function 050C1466 Relevance: 1.6, APIs: 1, Instructions: 70registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(?,00000E24), ref: 050C14FB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                • Opcode ID: 8886bc1f33b4babb5fe90e1b5fff2f436e0ffca6e9966beb8e06d42311730987
                                                                                                                                                                                • Instruction ID: 1153cf174dbb2e1d02db67c609cb355b9fdb0c846176e538151b4c53dcdb6881
                                                                                                                                                                                • Opcode Fuzzy Hash: 8886bc1f33b4babb5fe90e1b5fff2f436e0ffca6e9966beb8e06d42311730987
                                                                                                                                                                                • Instruction Fuzzy Hash: 8021CF71005340AFEB228F11DC84FA6FFB8EF06710F04849AF9454B6A2D375A949CBA1
                                                                                                                                                                                Function 050C3B4E Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 050C3BD2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Connect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3144859779-0
                                                                                                                                                                                • Opcode ID: f1bf2726007bc6c63ce76d896b804991aeeaf4866f296f2b8406b62b13e8b4b2
                                                                                                                                                                                • Instruction ID: aab30263895ae147df1337da051d119064566cb7e227fb3caac63d4da4028160
                                                                                                                                                                                • Opcode Fuzzy Hash: f1bf2726007bc6c63ce76d896b804991aeeaf4866f296f2b8406b62b13e8b4b2
                                                                                                                                                                                • Instruction Fuzzy Hash: 64217C754093C09FDB228F61DC84A96BFF4EF06210F0988DEE9858B162D265A809DB61
                                                                                                                                                                                Function 050C114A Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C11C6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                • Opcode ID: a8b17ea7931431812bd5b78f5a3c2d8b23572178919013e6486099b5a9bc39d6
                                                                                                                                                                                • Instruction ID: 8d32f30a3a8a74c86262864fe580de04543dff76babf9a3bd5e2627706e479fc
                                                                                                                                                                                • Opcode Fuzzy Hash: a8b17ea7931431812bd5b78f5a3c2d8b23572178919013e6486099b5a9bc39d6
                                                                                                                                                                                • Instruction Fuzzy Hash: A121A1714093806FDB22CF50DC44FA7FFF8EF45210F08849AE9859B552D364A508CBB1
                                                                                                                                                                                Function 050C1FB6 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTokenInformation.KERNELBASE(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C2020
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InformationToken
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4114910276-0
                                                                                                                                                                                • Opcode ID: 4072301f80ec5a5b4081544dec4546d5fe8be4fd63e85a408907815b5ab87af3
                                                                                                                                                                                • Instruction ID: b3b4a738953107282a63856ebd7e0b41dd9866fcb875d9b5503a1b222cbddf64
                                                                                                                                                                                • Opcode Fuzzy Hash: 4072301f80ec5a5b4081544dec4546d5fe8be4fd63e85a408907815b5ab87af3
                                                                                                                                                                                • Instruction Fuzzy Hash: A5119D76500204AFEB21CF51DC85FABBBECEF04624F1484AAE946CBA51D774E509CBB1
                                                                                                                                                                                Function 050C0A02 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WSASocketW.WS2_32(?,?,?,?,?), ref: 050C0A6E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Socket
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 38366605-0
                                                                                                                                                                                • Opcode ID: a2f09bed10336b318bd601e94bddae93f6e1c1d3a2deeb7b75d0f70ac313939f
                                                                                                                                                                                • Instruction ID: 9bf2424af1c3221ab476fe15d05e87466fa8dea3d08fe2f832d17618176ec3da
                                                                                                                                                                                • Opcode Fuzzy Hash: a2f09bed10336b318bd601e94bddae93f6e1c1d3a2deeb7b75d0f70ac313939f
                                                                                                                                                                                • Instruction Fuzzy Hash: 2621CF71405240EFEB21CF95DD45FAAFBF8EF04224F04889EE9458A751D375A509CB62
                                                                                                                                                                                Function 050C0032 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileView
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3314676101-0
                                                                                                                                                                                • Opcode ID: 870dc9ab387c84b5d743920ceab2a4e330daf20721557b6c34890d5101fe7670
                                                                                                                                                                                • Instruction ID: 0bf978268dfeceff67f9d8b319e10378992e8b74e9d89686a82258af5f2848b5
                                                                                                                                                                                • Opcode Fuzzy Hash: 870dc9ab387c84b5d743920ceab2a4e330daf20721557b6c34890d5101fe7670
                                                                                                                                                                                • Instruction Fuzzy Hash: 2B21DE71504200AFE721CF55DC84FAEFBE8EF08224F14849EE9858BA41E375E409CBA2
                                                                                                                                                                                Function 050C3156 Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenCurrentUser.KERNELBASE(?,00000E24), ref: 050C31B9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CurrentOpenUser
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1571386571-0
                                                                                                                                                                                • Opcode ID: 52ffe14862e23ddde282a7eb8ef9251c979ae6f3ba0a7c369add403ca7ccac7f
                                                                                                                                                                                • Instruction ID: 62f6879ad257b65bf0dd0b1d6428a8ebd02803fe76face4feac1779787d7659b
                                                                                                                                                                                • Opcode Fuzzy Hash: 52ffe14862e23ddde282a7eb8ef9251c979ae6f3ba0a7c369add403ca7ccac7f
                                                                                                                                                                                • Instruction Fuzzy Hash: 6C11D071504204AEEB20DF55DC45FBEFBECEF04224F18889AED449F651D374A9098AB1
                                                                                                                                                                                Function 050C335A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegNotifyChangeKeyValue.KERNEL32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C33C4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ChangeNotifyValue
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3933585183-0
                                                                                                                                                                                • Opcode ID: c3a5ac87674df830e86e403129234a3385d7b531cdbd96c9019086103188c253
                                                                                                                                                                                • Instruction ID: c690efeebecefdce2ab69f69434fae99810a5cccf2ade95bc403ce702cc5eb14
                                                                                                                                                                                • Opcode Fuzzy Hash: c3a5ac87674df830e86e403129234a3385d7b531cdbd96c9019086103188c253
                                                                                                                                                                                • Instruction Fuzzy Hash: 5E118E72504204AFEB21CF95DC84FEBFBECEF04624F04889AE9459BA51D774A5098BB1
                                                                                                                                                                                Function 050C17BA Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegSetValueExW.KERNEL32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C182C
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                • Opcode ID: 17ae42fe2b2b286d8d945cb193e2055d2e2754de30d42df70938282e375b733c
                                                                                                                                                                                • Instruction ID: 45fd04db9bc424255bf6d8cafb8ada28a2af3bf91cf3c220f184f509cf808b33
                                                                                                                                                                                • Opcode Fuzzy Hash: 17ae42fe2b2b286d8d945cb193e2055d2e2754de30d42df70938282e375b733c
                                                                                                                                                                                • Instruction Fuzzy Hash: F811B1B2504200AFE721CF51DC40FABFBF8EF05610F04849AED459A652D370E409CAB1
                                                                                                                                                                                Function 050C0686 Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetProcessTimes.KERNEL32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C06E5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ProcessTimes
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1995159646-0
                                                                                                                                                                                • Opcode ID: d1e294c508907933470e196b0c749c8164db94e04a36dd347fee8c4782a7eed4
                                                                                                                                                                                • Instruction ID: 4f1dae94cb5dd78a5308536555ffab3ad3694a5b7e4221f15df5f15604e187b4
                                                                                                                                                                                • Opcode Fuzzy Hash: d1e294c508907933470e196b0c749c8164db94e04a36dd347fee8c4782a7eed4
                                                                                                                                                                                • Instruction Fuzzy Hash: B311D072500200EFEB21CF51ED49FAEFBE8EF04724F1484AEE9459A651D774A809CBA1
                                                                                                                                                                                Function 050C2FA6 Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WSAEventSelect.WS2_32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C300A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EventSelect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 31538577-0
                                                                                                                                                                                • Opcode ID: 03288f5840533e7822b6c88bcf52fa3b5be822acc348c36f57a8774f66b6f51a
                                                                                                                                                                                • Instruction ID: 4f98e38c6440f1b78b3fc05263a05e75d1d28bf127d9a16ebddbdc01a25bc587
                                                                                                                                                                                • Opcode Fuzzy Hash: 03288f5840533e7822b6c88bcf52fa3b5be822acc348c36f57a8774f66b6f51a
                                                                                                                                                                                • Instruction Fuzzy Hash: 7211B672404204AFEB21CF51DC84FEBFBECEF04614F14889AE9459B641D774E5088BB5
                                                                                                                                                                                Function 050C0AD1 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • setsockopt.WS2_32(?,?,?,?,?), ref: 050C0B44
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: setsockopt
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3981526788-0
                                                                                                                                                                                • Opcode ID: 0cdbe456ea1116cb8653a4954a66c01890c843e47e31299e61e3d15a2cb1b50a
                                                                                                                                                                                • Instruction ID: c315ecb6f58e5f3a418d55dc662d329674ab867651030926ac750fb64765d3be
                                                                                                                                                                                • Opcode Fuzzy Hash: 0cdbe456ea1116cb8653a4954a66c01890c843e47e31299e61e3d15a2cb1b50a
                                                                                                                                                                                • Instruction Fuzzy Hash: D1218E714093C0AFDB128F65DD54B66BFF4EF47310F0988DAD9848F162D225A849CB61
                                                                                                                                                                                Function 050C1486 Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegOpenKeyExA.KERNEL32(?,00000E24), ref: 050C14FB
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                • Opcode ID: c1523d3b0d6262d1eeaa6518b1506d48fd53071230a334b70c050e0a2c73355e
                                                                                                                                                                                • Instruction ID: 27b60cb213ec0e05fc18b4947a52f44055095997736809df7bbcaf80dded190e
                                                                                                                                                                                • Opcode Fuzzy Hash: c1523d3b0d6262d1eeaa6518b1506d48fd53071230a334b70c050e0a2c73355e
                                                                                                                                                                                • Instruction Fuzzy Hash: 1311BF76500200EFEB218F51EC81FAAFBE8EF05714F14849EEE454AA91D375A949CAA1
                                                                                                                                                                                Function 050C3F90 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ShellExecuteExW.SHELL32(?), ref: 050C3FEC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExecuteShell
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 587946157-0
                                                                                                                                                                                • Opcode ID: 09cc9a7199168c81baa4cbece0a7b5f8523752c7061d1775c894f8eefd4471a9
                                                                                                                                                                                • Instruction ID: f6376fa288c7f6f209763de6eaa02df542154b60d00801eb0e4df1463253b0f1
                                                                                                                                                                                • Opcode Fuzzy Hash: 09cc9a7199168c81baa4cbece0a7b5f8523752c7061d1775c894f8eefd4471a9
                                                                                                                                                                                • Instruction Fuzzy Hash: D71160715093809FDB12CF25DC95B56BFF8AF06221F0984EAED85CF292D275E908CB61
                                                                                                                                                                                Function 050C1D40 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileVersionInfoW.KERNELBASE(?,?,?,?), ref: 050C1DA5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileInfoVersion
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2427832333-0
                                                                                                                                                                                • Opcode ID: f564bd5464f378940dd56347dec7bc27e55d2e5626424e35fd861e62415d8142
                                                                                                                                                                                • Instruction ID: f392ef9629d2ae4405fc3c002e1a9f8dcd8488b085e39d92a35310392f916465
                                                                                                                                                                                • Opcode Fuzzy Hash: f564bd5464f378940dd56347dec7bc27e55d2e5626424e35fd861e62415d8142
                                                                                                                                                                                • Instruction Fuzzy Hash: EC118E71505780AFDB218B15EC44B66BFF8EF46610F08809EED858B653D261E808CB61
                                                                                                                                                                                Function 050C116A Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C11C6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                • Opcode ID: 89d0fff4f685dcdb29c56eb99e69107e4a3641c1eee22d5b7071426d93e8115f
                                                                                                                                                                                • Instruction ID: 70198501911013bc806e4ec2c466956ce079e2eb566a16aa24651252234cacae
                                                                                                                                                                                • Opcode Fuzzy Hash: 89d0fff4f685dcdb29c56eb99e69107e4a3641c1eee22d5b7071426d93e8115f
                                                                                                                                                                                • Instruction Fuzzy Hash: 5111E076400200AFEB21CF90DC84FAAFBE8EF44724F18849AED459F642D374A508CBB1
                                                                                                                                                                                Function 050C1097 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • OutputDebugStringW.KERNEL32(?,17210305,00000000,?,?,?,?,?,?,?,?,6CEA3C58), ref: 050C1108
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugOutputString
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1166629820-0
                                                                                                                                                                                • Opcode ID: a2ae4192b256fc506f6a4672e587cf660b447802f564fc591da0ec95e547a3de
                                                                                                                                                                                • Instruction ID: 3f79b074ef9922c783dfbba5da32fd396ebe589d52614961c7bc5a1df7da7031
                                                                                                                                                                                • Opcode Fuzzy Hash: a2ae4192b256fc506f6a4672e587cf660b447802f564fc591da0ec95e547a3de
                                                                                                                                                                                • Instruction Fuzzy Hash: 1211D0718093C09FD712CF25DC85A66BFF4EF07610F0980DADD858F263D268A949CB62
                                                                                                                                                                                Function 050C2CEA Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ioctlsocket.WS2_32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C2D43
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ioctlsocket
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3577187118-0
                                                                                                                                                                                • Opcode ID: 560e775c755fd324850273a685a52f5d17b20361f41c9e92c5a8da2d0a063c54
                                                                                                                                                                                • Instruction ID: fb9ab828d5a36ea60a4e0c581c4bc729a724f62b89f4777f23e17c4b82f8f63b
                                                                                                                                                                                • Opcode Fuzzy Hash: 560e775c755fd324850273a685a52f5d17b20361f41c9e92c5a8da2d0a063c54
                                                                                                                                                                                • Instruction Fuzzy Hash: A5110675400600AFEB20CF50DC44FAAFBE8EF05724F0484AAED449FA51D374A409CBB2
                                                                                                                                                                                Function 050C288E Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,00000E24), ref: 050C28F7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                                • Opcode ID: b9dc2d158dfdcb4719e4558d1ff402af24cb30ef840d4e0e5c05f0dfed47b06a
                                                                                                                                                                                • Instruction ID: bd4ee330afe6040c13070eee7ae8fd6e1377f37003bd2748bf1eafc935cac6d8
                                                                                                                                                                                • Opcode Fuzzy Hash: b9dc2d158dfdcb4719e4558d1ff402af24cb30ef840d4e0e5c05f0dfed47b06a
                                                                                                                                                                                • Instruction Fuzzy Hash: 96110475500204AFEB20DB55ED81FBAFBE8EF05724F14809AFD444EB81D3B4A949CAA5
                                                                                                                                                                                Function 050C3AB2 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetAdaptersAddresses.IPHLPAPI(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C3B11
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AdaptersAddresses
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2506852604-0
                                                                                                                                                                                • Opcode ID: 97e79067358602be9473f9d93b18295603a2ba535b8af71f0a002792831795f6
                                                                                                                                                                                • Instruction ID: 5d066a59257dec75da21be36c1cda7b2b32ac2965f2f0e6549bb479dca17b476
                                                                                                                                                                                • Opcode Fuzzy Hash: 97e79067358602be9473f9d93b18295603a2ba535b8af71f0a002792831795f6
                                                                                                                                                                                • Instruction Fuzzy Hash: 4211AC72500200AFEB218F51DC84FABFBF8EF05724F04C49AEE454AA51D375E809CAB6
                                                                                                                                                                                Function 050C308A Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RasConnectionNotificationW.RASAPI32(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C30E3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ConnectionNotification
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1402429939-0
                                                                                                                                                                                • Opcode ID: ff59d94a48a1cdc9a5ee6934708a68fbaeaae9870e36e6653fb2346f3456920c
                                                                                                                                                                                • Instruction ID: b406f6b6e339ac0f9d5a62accc9b1d01cf9dc788231dce716488fa03944c877f
                                                                                                                                                                                • Opcode Fuzzy Hash: ff59d94a48a1cdc9a5ee6934708a68fbaeaae9870e36e6653fb2346f3456920c
                                                                                                                                                                                • Instruction Fuzzy Hash: 6211E176500204AFEB208F41DC85FEEFBE8EF05724F18C49AEE454B641D374A809CAB1
                                                                                                                                                                                Function 050C381A Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetNetworkParams.IPHLPAPI(?,00000E24,17210305,00000000,00000000,00000000,00000000), ref: 050C3870
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: NetworkParams
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2134775280-0
                                                                                                                                                                                • Opcode ID: f428806e6447031b202d4de251ee84d193dbd2d70585a05e24b4ff3509ea44b7
                                                                                                                                                                                • Instruction ID: e12c6df67f7d9e56ddc07a57a64301ca19d4fe25258d59d09f77f1870ebb765c
                                                                                                                                                                                • Opcode Fuzzy Hash: f428806e6447031b202d4de251ee84d193dbd2d70585a05e24b4ff3509ea44b7
                                                                                                                                                                                • Instruction Fuzzy Hash: F001C071504304AFEB21CF45DC85FAAFBE8EF45624F14C49AED058B781D378A9098AB5
                                                                                                                                                                                Function 050C1874 Relevance: 1.6, APIs: 1, Instructions: 53timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemTimeAdjustment.KERNEL32(?,?,?,17210305,00000000,?,?,?,?,?,?,?,?,6CEA3C58), ref: 050C18DA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AdjustmentSystemTime
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2260068259-0
                                                                                                                                                                                • Opcode ID: fad062fe912561a36c7f3747a1fc4ae4c23d13d2fcbc98c81a53898c9c7078ee
                                                                                                                                                                                • Instruction ID: e547b1b1a5a7dd3b407f35b2cb7c7b914af5c7e44d1cd574bef7be92052dde32
                                                                                                                                                                                • Opcode Fuzzy Hash: fad062fe912561a36c7f3747a1fc4ae4c23d13d2fcbc98c81a53898c9c7078ee
                                                                                                                                                                                • Instruction Fuzzy Hash: 6E116D715097C09FDB228B65DC44A66FFF4EF06220F0C84DAE9854F262D276A419CB62
                                                                                                                                                                                Function 050C1946 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,?,17210305,00000000,?,?,?,?,?,?,?,?,6CEA3C58), ref: 050C198B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateDirectory
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4241100979-0
                                                                                                                                                                                • Opcode ID: 7c90c9a765655823acde037e5ddc5ad0e0cf4198a8a0aa01b0fa8e33163dba4f
                                                                                                                                                                                • Instruction ID: 69c75830531b693ca8d939b5fcb2b1198bbdced666723e6f42dc8216e67206cb
                                                                                                                                                                                • Opcode Fuzzy Hash: 7c90c9a765655823acde037e5ddc5ad0e0cf4198a8a0aa01b0fa8e33163dba4f
                                                                                                                                                                                • Instruction Fuzzy Hash: D8115E716042409FEB50CF55E885B6AFBE8EF06620F0884AEED49CF692D774E448CA61
                                                                                                                                                                                Function 050C0750 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetSystemInfo.KERNEL32(?,17210305,00000000,?,?,?,?,?,?,?,?,6CEA3C58), ref: 050C07A4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InfoSystem
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 31276548-0
                                                                                                                                                                                • Opcode ID: b76103af9e94e93b2def7dd4b7c58e5fb142162077a46236c290a2a8de83d18e
                                                                                                                                                                                • Instruction ID: 3bf1644ea27cf87d9953825ab3bcd7ddf97a83b19a54a489e2926f24fbd381a3
                                                                                                                                                                                • Opcode Fuzzy Hash: b76103af9e94e93b2def7dd4b7c58e5fb142162077a46236c290a2a8de83d18e
                                                                                                                                                                                • Instruction Fuzzy Hash: 781182718093C0AFDB12CF15DD58B56FFB4EF46220F0984DAED859F252D275A908CB62
                                                                                                                                                                                Function 050C3B86 Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 050C3BD2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Connect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3144859779-0
                                                                                                                                                                                • Opcode ID: beee9dedaf2b5250106aa9f4b38a1c0bbc4edb51ec19cae18a761273ddd5acae
                                                                                                                                                                                • Instruction ID: 9cd11b0c03907b91b2c1a5134f7d3ebb7a78e0128d0f88cf6dc33c07715c054f
                                                                                                                                                                                • Opcode Fuzzy Hash: beee9dedaf2b5250106aa9f4b38a1c0bbc4edb51ec19cae18a761273ddd5acae
                                                                                                                                                                                • Instruction Fuzzy Hash: D5114C715006409FDB20CF95E884BAAFFE4FF09210F08C89AEE458A661D335E419DB61
                                                                                                                                                                                Function 050C3E42 Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WSASend.WS2_32(?,00000E24,?,?), ref: 050C3E92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Send
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 121738739-0
                                                                                                                                                                                • Opcode ID: 11a315809b41475dbd0c68c944acec6a3d72da05d2f7663810e315eb4545c91e
                                                                                                                                                                                • Instruction ID: 884d3d7564fe1dd68200fbd3be68aa7664ae73bd27137881eb4459a478dfadea
                                                                                                                                                                                • Opcode Fuzzy Hash: 11a315809b41475dbd0c68c944acec6a3d72da05d2f7663810e315eb4545c91e
                                                                                                                                                                                • Instruction Fuzzy Hash: B5017171900200AFD310DF16DD46B66FBE8FB88A20F14855AED489BB41D735B915CBE5
                                                                                                                                                                                Function 050C3FB2 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ShellExecuteExW.SHELL32(?), ref: 050C3FEC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExecuteShell
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 587946157-0
                                                                                                                                                                                • Opcode ID: 16f9aed183e11dea9edc49ec811f8ce260557c09e951b4ed7b297235281416d4
                                                                                                                                                                                • Instruction ID: 675625f7bf6a1e4ae9259b20fba07aa09877042e3b657812f6cff202505603a2
                                                                                                                                                                                • Opcode Fuzzy Hash: 16f9aed183e11dea9edc49ec811f8ce260557c09e951b4ed7b297235281416d4
                                                                                                                                                                                • Instruction Fuzzy Hash: 440180716042408FDB60CF65E885BAAFBE4FF05221F18C4AEDD49CF691D775E808CA61
                                                                                                                                                                                Function 050C2EFE Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FormatMessageW.KERNEL32(?,00000E24,?,?), ref: 050C2F4E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FormatMessage
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1306739567-0
                                                                                                                                                                                • Opcode ID: b785051cdb704375aa3e68299fe511712a4ca4a4422934b585ff0dba6ac37fe2
                                                                                                                                                                                • Instruction ID: 6fb036a8812e7c2879341c1eb312923bac0bd5d5e81fda1b09ad74f662240bb4
                                                                                                                                                                                • Opcode Fuzzy Hash: b785051cdb704375aa3e68299fe511712a4ca4a4422934b585ff0dba6ac37fe2
                                                                                                                                                                                • Instruction Fuzzy Hash: 8001B171900200AFD310DF16DC46B66FBE8FB88A20F14815AEC089BB41D731B915CBE1
                                                                                                                                                                                Function 050C1D62 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileVersionInfoW.KERNELBASE(?,?,?,?), ref: 050C1DA5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileInfoVersion
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2427832333-0
                                                                                                                                                                                • Opcode ID: 5e8c16097294a489ed97ecf558eb576c2c6b7b79f5c91d2de164251e817f4461
                                                                                                                                                                                • Instruction ID: fed6ef03d0a17ab8fcb588c19d58661c21d416c005c686c31a9d95f78d9bbd35
                                                                                                                                                                                • Opcode Fuzzy Hash: 5e8c16097294a489ed97ecf558eb576c2c6b7b79f5c91d2de164251e817f4461
                                                                                                                                                                                • Instruction Fuzzy Hash: 2F01DE32600A408FDB60CF56E884BAEFFE4EF05620F08C09EDD468B752D370E408CA62
                                                                                                                                                                                Function 050C1CB2 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 050C1CEF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileInfoSizeVersion
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1661704012-0
                                                                                                                                                                                • Opcode ID: b2a9c578ff9a86370d365e7ca0f56930ee1976d0bf37f8d812252d0663545b57
                                                                                                                                                                                • Instruction ID: 38966068bca5da6f0c94d6d07bc2298f4f99dab3015d03c2f4622b5539f5d71d
                                                                                                                                                                                • Opcode Fuzzy Hash: b2a9c578ff9a86370d365e7ca0f56930ee1976d0bf37f8d812252d0663545b57
                                                                                                                                                                                • Instruction Fuzzy Hash: 6A01B1719046409FDB50DF55E884B6AFFE4FF05220F0884EEDD498F342E275E404CA61
                                                                                                                                                                                Function 050C0B06 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • setsockopt.WS2_32(?,?,?,?,?), ref: 050C0B44
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: setsockopt
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3981526788-0
                                                                                                                                                                                • Opcode ID: 464b223958f8eeb6b2acc236f413da67c5e809c6c024842f8d9f74adb692daf5
                                                                                                                                                                                • Instruction ID: 657ca50ef3fc4e98831505f460a79e3e76da3d9fcb29eda7c0fec75121333ecb
                                                                                                                                                                                • Opcode Fuzzy Hash: 464b223958f8eeb6b2acc236f413da67c5e809c6c024842f8d9f74adb692daf5
                                                                                                                                                                                • Instruction Fuzzy Hash: 46018C71400240DFDB20CF95E948B6AFFE4EF05324F08849EED894E662D376A458CBA2
                                                                                                                                                                                Function 050C1F1A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • VerLanguageNameW.KERNEL32(?,00000E24,?,?), ref: 050C1F6A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LanguageName
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2060303382-0
                                                                                                                                                                                • Opcode ID: 75228429f71828671191c539eb0d688d5e2c9059320d157fa088c3bff6b98c3e
                                                                                                                                                                                • Instruction ID: f1246cf82f687b32651d25a865a3f25f8023e045e48c88ae6bb12de4f64ce1e8
                                                                                                                                                                                • Opcode Fuzzy Hash: 75228429f71828671191c539eb0d688d5e2c9059320d157fa088c3bff6b98c3e
                                                                                                                                                                                • Instruction Fuzzy Hash: 59016271600600ABD310DF16DD46B66FBE8FB88A20F14815AED089BB41D775F915CBE5
                                                                                                                                                                                Function 050C13EA Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RegEnumKeyExW.KERNEL32(?,00000E24,?,?), ref: 050C143A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Enum
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2928410991-0
                                                                                                                                                                                • Opcode ID: 8df1e02d2414c8859b388962268a0b2d58ed2deb323b6fb6887a0e8d71b06e3e
                                                                                                                                                                                • Instruction ID: 75956ef0295251360b220b84ec62d1b6bc8d5820dc14b47a7ac1b21457ded1a6
                                                                                                                                                                                • Opcode Fuzzy Hash: 8df1e02d2414c8859b388962268a0b2d58ed2deb323b6fb6887a0e8d71b06e3e
                                                                                                                                                                                • Instruction Fuzzy Hash: AA01A271600200ABD310DF16DC46B66FBE8FB88A20F14815AEC089BB41D731F915CBE5
                                                                                                                                                                                Function 050C10CE Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • OutputDebugStringW.KERNEL32(?,17210305,00000000,?,?,?,?,?,?,?,?,6CEA3C58), ref: 050C1108
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2216927213.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_50c0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugOutputString
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1166629820-0
                                                                                                                                                                                • Opcode ID: 2698a7e17ae88bb6b993650abe545c0bb0bc66acac67521ab763b99cd4f501fa
                                                                                                                                                                                • Instruction ID: 9338b485724bf1494f551704dc662f3fb38d834f777346f229523910186a412f
                                                                                                                                                                                • Opcode Fuzzy Hash: 2698a7e17ae88bb6b993650abe545c0bb0bc66acac67521ab763b99cd4f501fa
                                                                                                                                                                                • Instruction Fuzzy Hash: 16018B319042408FDB20DF55E885B6AFFE4EF06620F0880DEDD098B352D278E849CA62
                                                                                                                                                                                Function 07DDB9E0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl
                                                                                                                                                                                • API String ID: 0-1789346587
                                                                                                                                                                                • Opcode ID: d16716cceac09f201c3db2e39c8f3f48e8e27bcf41f5b94db77ccdf5ec2b5b04
                                                                                                                                                                                • Instruction ID: e17ca5fbe717815b8f3b521430a8862de36128c510d0980d8802368b4caec5f4
                                                                                                                                                                                • Opcode Fuzzy Hash: d16716cceac09f201c3db2e39c8f3f48e8e27bcf41f5b94db77ccdf5ec2b5b04
                                                                                                                                                                                • Instruction Fuzzy Hash: E4B19CB4200701CFCB26EF64C49996ABBF2FF89315B11856DE4868B7A4CB35EC42CB51
                                                                                                                                                                                Function 07DF9AC8 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl
                                                                                                                                                                                • API String ID: 0-1789346587
                                                                                                                                                                                • Opcode ID: e2dac263e596a1e40ec6beb7c24364e2970f1f26487a1bd543465ef77b17fa43
                                                                                                                                                                                • Instruction ID: fff26e7e1288a6127bdf722a7d62b80a08d1da4d78be2cc3c7d1aea081d31ef2
                                                                                                                                                                                • Opcode Fuzzy Hash: e2dac263e596a1e40ec6beb7c24364e2970f1f26487a1bd543465ef77b17fa43
                                                                                                                                                                                • Instruction Fuzzy Hash: E571D170B002118FCB19AB7A94687AEBBE6EFC5211B10407DE50ACB7A1DF35DC46CB91
                                                                                                                                                                                Function 07DF3A20 Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: N
                                                                                                                                                                                • API String ID: 0-1130791706
                                                                                                                                                                                • Opcode ID: dc0fdd839a8b488d4ff179e2f6480bf9194d196e2e768f9d82af2a606e0a949d
                                                                                                                                                                                • Instruction ID: 028bf2510b1210e3c56b6864bcd5ec6b699b228995b4aea3da638a98189d073f
                                                                                                                                                                                • Opcode Fuzzy Hash: dc0fdd839a8b488d4ff179e2f6480bf9194d196e2e768f9d82af2a606e0a949d
                                                                                                                                                                                • Instruction Fuzzy Hash: 4461F5307042408FCB18AB79E4285AD7BE6EF8631171A84BAE549CB7A1CF35DC85CB81
                                                                                                                                                                                Function 07DD52A0 Relevance: 1.5, Strings: 1, Instructions: 213COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl
                                                                                                                                                                                • API String ID: 0-1789346587
                                                                                                                                                                                • Opcode ID: 2b3f88f4b2535975f6937d064aaf995b725017775782183059ddb9dff9a8b129
                                                                                                                                                                                • Instruction ID: fea0409cb1180d58fd78abe47fcd788ddf67dc9a7b44cf427065bdba8de58951
                                                                                                                                                                                • Opcode Fuzzy Hash: 2b3f88f4b2535975f6937d064aaf995b725017775782183059ddb9dff9a8b129
                                                                                                                                                                                • Instruction Fuzzy Hash: 0771CF71B003408FCB24AF79E8945AEBBF6AFC9210714462DE946CB7A1DF74DC458B51
                                                                                                                                                                                Function 07D9FD88 Relevance: 1.4, Strings: 1, Instructions: 122COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl
                                                                                                                                                                                • API String ID: 0-1789346587
                                                                                                                                                                                • Opcode ID: fb9d096a866b3ee498fb30bf712c701fb02fc1aef7bc8167d008a936a5adefa2
                                                                                                                                                                                • Instruction ID: e6e66ddfb95d0028c1db0cc3e7142d84ace7e696c16825c9a586c5ee7a79c676
                                                                                                                                                                                • Opcode Fuzzy Hash: fb9d096a866b3ee498fb30bf712c701fb02fc1aef7bc8167d008a936a5adefa2
                                                                                                                                                                                • Instruction Fuzzy Hash: 6B410370B00251CBCB14EFBAD8095AEBBEAEFC9310B108039E55AD7751DF34C8468B91
                                                                                                                                                                                Function 07DDC5C7 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl
                                                                                                                                                                                • API String ID: 0-1789346587
                                                                                                                                                                                • Opcode ID: a6282ef816d6d2ec2a0d4c28fadbf87c5f0dd1878af980e3eb09040725c141e0
                                                                                                                                                                                • Instruction ID: 67a38de0c3aaedfe3d4874c21c30c6b6ebb8fbcbdf881c0d405164c437a55dde
                                                                                                                                                                                • Opcode Fuzzy Hash: a6282ef816d6d2ec2a0d4c28fadbf87c5f0dd1878af980e3eb09040725c141e0
                                                                                                                                                                                • Instruction Fuzzy Hash: D541C0B4A00219DFCB15DFA8D58099EFBF2FF88310B11856AE85AAB761D734E841CF51
                                                                                                                                                                                Function 07DDDEB0 Relevance: 1.4, Strings: 1, Instructions: 114COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: \OWl
                                                                                                                                                                                • API String ID: 0-1789346587
                                                                                                                                                                                • Opcode ID: 0764366bce206350886e57dfa725c7f6944eaae8fdc46048e79e0b5bfe95a8e6
                                                                                                                                                                                • Instruction ID: 324756bc7f1f4781563054179132ca28f6866a4f0a221d972c7fd973dc787523
                                                                                                                                                                                • Opcode Fuzzy Hash: 0764366bce206350886e57dfa725c7f6944eaae8fdc46048e79e0b5bfe95a8e6
                                                                                                                                                                                • Instruction Fuzzy Hash: A0416FB5200645CFCB25DF34D4405AAF7B2FF85315B10856EE89A8B750DB35EC52CB91
                                                                                                                                                                                Function 077512C8 Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: XZ
                                                                                                                                                                                • API String ID: 0-516060682
                                                                                                                                                                                • Opcode ID: 58b1b8698242c44c0e07e12518025732ad5365ffc8637c02e40460950d7761ec
                                                                                                                                                                                • Instruction ID: cb7d2909798b956ce563f59c9118c18622f5d0b44224e5038814d6ea6de91a05
                                                                                                                                                                                • Opcode Fuzzy Hash: 58b1b8698242c44c0e07e12518025732ad5365ffc8637c02e40460950d7761ec
                                                                                                                                                                                • Instruction Fuzzy Hash: 8D3144B13002049FCB049B6DD865A6F77E6EFC9258B24867DD00ACBB51DF748D0287D1
                                                                                                                                                                                Function 07DFF3B8 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: *Wl
                                                                                                                                                                                • API String ID: 0-2944083104
                                                                                                                                                                                • Opcode ID: c24821bf82c109b1e5c2797c42f33b551430d49e153df46f45af025c97137d44
                                                                                                                                                                                • Instruction ID: 3b81df68c54ccbe24d40336106abf48480edbec34f028f35da79fcc8600c2dd6
                                                                                                                                                                                • Opcode Fuzzy Hash: c24821bf82c109b1e5c2797c42f33b551430d49e153df46f45af025c97137d44
                                                                                                                                                                                • Instruction Fuzzy Hash: 00215770705250CFCB05A77598196ECBBE6EFC6220B2540AAE401CBB92CF748C4AC7D2
                                                                                                                                                                                Function 07DF94C8 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @MWl
                                                                                                                                                                                • API String ID: 0-1944878930
                                                                                                                                                                                • Opcode ID: ca642734d6323fd54f4aa9eda95a638958f22712425bde44479b6c547a8d092a
                                                                                                                                                                                • Instruction ID: 3b2dbe475b8081a41b711ec53bb7d6cad2c932c4c868447e7028d18882d94b58
                                                                                                                                                                                • Opcode Fuzzy Hash: ca642734d6323fd54f4aa9eda95a638958f22712425bde44479b6c547a8d092a
                                                                                                                                                                                • Instruction Fuzzy Hash: 771151717041149FC7449B69D854E7ABBE9FF89221B15807AE559CB391CF30EC048760
                                                                                                                                                                                Function 07D9E818 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: %ie^
                                                                                                                                                                                • API String ID: 0-4219026057
                                                                                                                                                                                • Opcode ID: c8413262b1a19d81a9df2d73b7969c4e16a9f8c8f29aa1da5800d77385985019
                                                                                                                                                                                • Instruction ID: d18e0cb6e57d7308f0cc7c9c609f5423b6aedf9ce73cacee63cc7aeaa7143e97
                                                                                                                                                                                • Opcode Fuzzy Hash: c8413262b1a19d81a9df2d73b7969c4e16a9f8c8f29aa1da5800d77385985019
                                                                                                                                                                                • Instruction Fuzzy Hash: B40104F540D3C28FC702DBB09C65A45BFA0AF8620471D48EED4C09B5A2DE244854DB92
                                                                                                                                                                                Function 07D9BE68 Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: ,)Wl
                                                                                                                                                                                • API String ID: 0-1304581141
                                                                                                                                                                                • Opcode ID: e76056a6d09dac826475b7b398b395019e32dfb4cbfb4d10bf1b7cb885d93e26
                                                                                                                                                                                • Instruction ID: cc4da68094dc3be39b801f14015242de3bad4441f1a2cfebe584c867c8dd37d7
                                                                                                                                                                                • Opcode Fuzzy Hash: e76056a6d09dac826475b7b398b395019e32dfb4cbfb4d10bf1b7cb885d93e26
                                                                                                                                                                                • Instruction Fuzzy Hash: E0119630300502CFCB18EB21E550ADAB7B3EF96708770842DD1065BE69CB71EC46DB55
                                                                                                                                                                                Function 07DF1228 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: e:e^
                                                                                                                                                                                • API String ID: 0-896021929
                                                                                                                                                                                • Opcode ID: 3a20d65de57d649a42035acef769d8d0b8a825e5fb66401319227874a6cfc6db
                                                                                                                                                                                • Instruction ID: 264dd852014ed5196aef1d92d83e4929118514f671669ffe34e22a3c5931e75e
                                                                                                                                                                                • Opcode Fuzzy Hash: 3a20d65de57d649a42035acef769d8d0b8a825e5fb66401319227874a6cfc6db
                                                                                                                                                                                • Instruction Fuzzy Hash: 390126712007005FC315E775D8818D9B7BA9FC9250320862DD2099FF11DF70EC5A83E1
                                                                                                                                                                                Function 077512B6 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: XZ
                                                                                                                                                                                • API String ID: 0-516060682
                                                                                                                                                                                • Opcode ID: 722afbcc0442af6123a102944c0c859e7bfdb0ed45a55e18148dd19b1745e461
                                                                                                                                                                                • Instruction ID: 899ab738cac0d2d45e9f2bf936d57f2b9431515eac8c29cad0bf55be9e3d4120
                                                                                                                                                                                • Opcode Fuzzy Hash: 722afbcc0442af6123a102944c0c859e7bfdb0ed45a55e18148dd19b1745e461
                                                                                                                                                                                • Instruction Fuzzy Hash: 47F0E9753042511F8705936D949499EBBEBDFCA12032A016AE508C7751DE758C0783A6
                                                                                                                                                                                Function 07DD9938 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Ul
                                                                                                                                                                                • API String ID: 0-2806431387
                                                                                                                                                                                • Opcode ID: 227a40647ff2797afe5d034ad3ce0d2a6e53a646fe9248b75b71fc9bc9d3484f
                                                                                                                                                                                • Instruction ID: 7bef3522d1cce7933a4130bf897d01ea94552519bc4d2b26305339934d765c93
                                                                                                                                                                                • Opcode Fuzzy Hash: 227a40647ff2797afe5d034ad3ce0d2a6e53a646fe9248b75b71fc9bc9d3484f
                                                                                                                                                                                • Instruction Fuzzy Hash: 61F05E72A04258AFD704CB6A9851A9EBBBAEFC5220B14C067E504D7241EB359C118B61
                                                                                                                                                                                Function 07DD7EA8 Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: ,)Wl
                                                                                                                                                                                • API String ID: 0-1304581141
                                                                                                                                                                                • Opcode ID: 1bde2b45800c468c63b505c35ea16e4f604ba43ad1c5c1905cbf54b0d0150425
                                                                                                                                                                                • Instruction ID: f9305e999dfc65276e3c4d56b802683fd4e01740779ab60118a0526a84c7005b
                                                                                                                                                                                • Opcode Fuzzy Hash: 1bde2b45800c468c63b505c35ea16e4f604ba43ad1c5c1905cbf54b0d0150425
                                                                                                                                                                                • Instruction Fuzzy Hash: 42F0313521F3C18ECB19E73AA6870DC3FA06EA520472A985DE08057796CE744449CB62
                                                                                                                                                                                Function 07E14BF6 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 3
                                                                                                                                                                                • API String ID: 0-1842515611
                                                                                                                                                                                • Opcode ID: e861da448c7ce071d449a7d40203ec0230130a70448fc4e21445a82301591d25
                                                                                                                                                                                • Instruction ID: f1304fb7e3a679b8ef57e2005378f864de5fdc766d92dfc87d178650c12fd940
                                                                                                                                                                                • Opcode Fuzzy Hash: e861da448c7ce071d449a7d40203ec0230130a70448fc4e21445a82301591d25
                                                                                                                                                                                • Instruction Fuzzy Hash: AFF030B4A06149EFEB158F50D25E7AD7FF2AB46319F145419E402963D1CB784988CF40
                                                                                                                                                                                Function 07D92868 Relevance: .8, Instructions: 838COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: abf655426bd2882ae16a213a56c8380c93d0f69f48410866f0d3db95805fefa0
                                                                                                                                                                                • Instruction ID: 3d4086b3485df8948a7ad8172a29a119b1a67c03136001b09dda714c56ddec67
                                                                                                                                                                                • Opcode Fuzzy Hash: abf655426bd2882ae16a213a56c8380c93d0f69f48410866f0d3db95805fefa0
                                                                                                                                                                                • Instruction Fuzzy Hash: D462DF70B002199BCF18EBB4D8556ADBBB2BF88304F64816AD506EB790DF34DC46CB91
                                                                                                                                                                                Function 07D9A298 Relevance: .5, Instructions: 525COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ab189da6ced8df74a8852ecb2ca21a4b7cd4d5f347148d62c902e5a5e3b62ba2
                                                                                                                                                                                • Instruction ID: f44510c5ce35af8d76fd10cc3190e656fe87d3e6d1975e857652a60e3a5b1c43
                                                                                                                                                                                • Opcode Fuzzy Hash: ab189da6ced8df74a8852ecb2ca21a4b7cd4d5f347148d62c902e5a5e3b62ba2
                                                                                                                                                                                • Instruction Fuzzy Hash: A232F4B5A00229CFCB21CF54C884ADAF7B2BF89314F55C5A5D809AB215D771EE86CF90
                                                                                                                                                                                Function 07770D48 Relevance: .5, Instructions: 506COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219462517.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7770000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 30497260a302a9f71eea420c109493bd390e8abb4abd873252783544208c1594
                                                                                                                                                                                • Instruction ID: 722e61141951038b3257c02a0b9fa4b3db2a22e169369750a117ccffa68bdb99
                                                                                                                                                                                • Opcode Fuzzy Hash: 30497260a302a9f71eea420c109493bd390e8abb4abd873252783544208c1594
                                                                                                                                                                                • Instruction Fuzzy Hash: B002CFB0700205DFCF15AFA5C898A7EB7F6FF89240F608869E9069B795CB709C46CB51
                                                                                                                                                                                Function 07E12F09 Relevance: .5, Instructions: 480COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d3609972fc502e10554150672757dc987b4c1297bb3e81078cf156d45d1e2e12
                                                                                                                                                                                • Instruction ID: 9bdaba7d6aabb587153e2adfb23656f40a408db0de296cc3e6011c6f8407289c
                                                                                                                                                                                • Opcode Fuzzy Hash: d3609972fc502e10554150672757dc987b4c1297bb3e81078cf156d45d1e2e12
                                                                                                                                                                                • Instruction Fuzzy Hash: 24129CB1A01219CFDF25CF68C881ADDBBB2FF49318F1491AAD409AB251D7319D86CF91
                                                                                                                                                                                Function 07DF6CC8 Relevance: .5, Instructions: 457COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7e5321f3048dbc52b62857e0fcdfcaaf5bf580e3702a3f43d1cef4d4b056b94b
                                                                                                                                                                                • Instruction ID: ada77288ae4b3869042440c165eabe5506175faba714a72231e50592d8950f9c
                                                                                                                                                                                • Opcode Fuzzy Hash: 7e5321f3048dbc52b62857e0fcdfcaaf5bf580e3702a3f43d1cef4d4b056b94b
                                                                                                                                                                                • Instruction Fuzzy Hash: D4027A74B00205DFCB14EB79C498AADB7F2FF89214B258469E506DBB60DB32EC45CB91
                                                                                                                                                                                Function 07DF51E8 Relevance: .4, Instructions: 404COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6757d35921e8fc173a8a34205c20838945bfcaf41953986a4a696145b178549f
                                                                                                                                                                                • Instruction ID: 2c42bde3165c5e88d2163546e8571fc74fd248195a21706b7a711aa711cc2a40
                                                                                                                                                                                • Opcode Fuzzy Hash: 6757d35921e8fc173a8a34205c20838945bfcaf41953986a4a696145b178549f
                                                                                                                                                                                • Instruction Fuzzy Hash: A50216B4A00209DFCB15DF68E5849ADFBB2FB48310F258569E91AAB755C730EC91CF90
                                                                                                                                                                                Function 07DD9998 Relevance: .4, Instructions: 387COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 68d14e8017d7600aab7313a8554aa815e5f46df3029c4856e0c1a0ca7f6b448e
                                                                                                                                                                                • Instruction ID: d70adc33042d9697aaa52321eaa09f7daf83a27147edd34b5cc25f52952f6f43
                                                                                                                                                                                • Opcode Fuzzy Hash: 68d14e8017d7600aab7313a8554aa815e5f46df3029c4856e0c1a0ca7f6b448e
                                                                                                                                                                                • Instruction Fuzzy Hash: CCE15D75B00214DFDB18DBB9D869AADBBB2FF88314F148029E406AB394DF35AC45CB51
                                                                                                                                                                                Function 07DFA310 Relevance: .4, Instructions: 354COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 38923a37e64804f9f17f7d1cb55174945cf9bd54d5f7d62c2a9b5abdad7bab4b
                                                                                                                                                                                • Instruction ID: d36e79aa9e2211c26fff55c030aa3382d1ec90ec4a75ce44e4529934b9128e59
                                                                                                                                                                                • Opcode Fuzzy Hash: 38923a37e64804f9f17f7d1cb55174945cf9bd54d5f7d62c2a9b5abdad7bab4b
                                                                                                                                                                                • Instruction Fuzzy Hash: 72D18E347002058FDB18DB65D484AAEB7F6FFC9304F218429E54A9BBA4CB74EC46CB91
                                                                                                                                                                                Function 0775C218 Relevance: .3, Instructions: 345COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3a7a216330e8aff11887603e0132c172ce9636fee769f7cf6902ad53c5b23f0f
                                                                                                                                                                                • Instruction ID: feb59424b5fb39fc105948ddbd385891653296bff5e3cce7d85970239d37febc
                                                                                                                                                                                • Opcode Fuzzy Hash: 3a7a216330e8aff11887603e0132c172ce9636fee769f7cf6902ad53c5b23f0f
                                                                                                                                                                                • Instruction Fuzzy Hash: C8D14BB4701204DFCB49AB78C058A6C7BE3BF8E245B64817CD916DB7A8CF358C028B12
                                                                                                                                                                                Function 07D9B940 Relevance: .3, Instructions: 333COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 76127c25d7fc0f7cca06b1e8a1cb5636ed3373362d7d4667df56b61a6d5d5372
                                                                                                                                                                                • Instruction ID: 88ce5528bcb2b38a09e6d8a3a69dff1dba82163732bba9b2fb3d4e66b2a18c5e
                                                                                                                                                                                • Opcode Fuzzy Hash: 76127c25d7fc0f7cca06b1e8a1cb5636ed3373362d7d4667df56b61a6d5d5372
                                                                                                                                                                                • Instruction Fuzzy Hash: A9C1E1B0B006508FCB18DB75D4586AEBBE2BF89204B24857ED446CBBA1DF34DC46CB91
                                                                                                                                                                                Function 07DF9FA8 Relevance: .3, Instructions: 318COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a804a09241d5a1b7e2af209f96f6c6be860d7b78d36992129486db737eb36aad
                                                                                                                                                                                • Instruction ID: c0dddf89644c398b0b7dc32a811bf95ce60c8cecbc9e5d4b01616529fef2004b
                                                                                                                                                                                • Opcode Fuzzy Hash: a804a09241d5a1b7e2af209f96f6c6be860d7b78d36992129486db737eb36aad
                                                                                                                                                                                • Instruction Fuzzy Hash: C3C17974700201CFCB14DF64D598AAEBBB6FF88310B248169E6069B7A5DB35EC46CB91
                                                                                                                                                                                Function 07DF6D50 Relevance: .3, Instructions: 282COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 45f45ae652603315b092fa551e862f7635f04769627dd500c0c389e7bd9e2a30
                                                                                                                                                                                • Instruction ID: d9e6d3d99350f4c13e4cf2c718f89b1b9ec033294a6ecd7fa3b415501d38f5dc
                                                                                                                                                                                • Opcode Fuzzy Hash: 45f45ae652603315b092fa551e862f7635f04769627dd500c0c389e7bd9e2a30
                                                                                                                                                                                • Instruction Fuzzy Hash: 1AB13B74B00204DFCB14EB79C598AADB7F2EF88315F658468E506AB760DB32EC81CB51
                                                                                                                                                                                Function 07D94CB0 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b5c0cbd7f41afbf53b9b72f2f360ce2902a075121972c89fc1a0bba8480d7304
                                                                                                                                                                                • Instruction ID: 95c19bffa4b625e42aad7be9303d69f8ca14bcdccf1b4068ab3dc2acd4292b06
                                                                                                                                                                                • Opcode Fuzzy Hash: b5c0cbd7f41afbf53b9b72f2f360ce2902a075121972c89fc1a0bba8480d7304
                                                                                                                                                                                • Instruction Fuzzy Hash: A89116B5B042948FCB099F74A4591EFBFF2EF89211B1484BAE946C7392DB348D46CB50
                                                                                                                                                                                Function 07DF0380 Relevance: .3, Instructions: 273COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f90c46484470a3b17c841e616433a3edec59444b0945f258a5ae20188771273f
                                                                                                                                                                                • Instruction ID: 0b513e05b8d067ce0cf9e0e2b4e03d3184e3bbaa1e44e9cf38897afee675d657
                                                                                                                                                                                • Opcode Fuzzy Hash: f90c46484470a3b17c841e616433a3edec59444b0945f258a5ae20188771273f
                                                                                                                                                                                • Instruction Fuzzy Hash: 2C9118B1B042018FCB14DB79C4806BDFBF6AF89314F16806AD645EB752EBB1DC818B91
                                                                                                                                                                                Function 077532D0 Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6546349a1cee61ef952750f808fb406d3dad8c1479603a0a69448b72a447d332
                                                                                                                                                                                • Instruction ID: be5969b3fa576930ae890c4c588abfd35e0f28adf0338773ede17509ed3b4cc4
                                                                                                                                                                                • Opcode Fuzzy Hash: 6546349a1cee61ef952750f808fb406d3dad8c1479603a0a69448b72a447d332
                                                                                                                                                                                • Instruction Fuzzy Hash: B1B16B75200606CFC721CF29C88486ABBF6FF88354716CAA9D99A8B365D730F855CF80
                                                                                                                                                                                Function 07DF8DD1 Relevance: .3, Instructions: 266COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b515222a601f7e2b85d396d546f3f5e00d1870da0f280ab490efc23606caedb3
                                                                                                                                                                                • Instruction ID: 134608e32fafdba39c84a227faf8c3da13f5cee390c9c1ef9a7262df105d35fb
                                                                                                                                                                                • Opcode Fuzzy Hash: b515222a601f7e2b85d396d546f3f5e00d1870da0f280ab490efc23606caedb3
                                                                                                                                                                                • Instruction Fuzzy Hash: CF91B1707002418FCB059F79C454AAEBBF6FF89310B1980AAE909DB7A1DB35DC05CB91
                                                                                                                                                                                Function 07754278 Relevance: .3, Instructions: 262COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d4e79fef6191a6f3381a4a5df1ce236fc5edc36f23f127862ad3ae42517fd3e5
                                                                                                                                                                                • Instruction ID: 2ff201a743a345beebd44597ff28d2ab772b25c9d0a96d35bb6cf2358ae28b70
                                                                                                                                                                                • Opcode Fuzzy Hash: d4e79fef6191a6f3381a4a5df1ce236fc5edc36f23f127862ad3ae42517fd3e5
                                                                                                                                                                                • Instruction Fuzzy Hash: C8A1DF757002499FCB14DF68D884AAEBBF2FF89350F148469E916DB360CB34D946CB90
                                                                                                                                                                                Function 07DF3C78 Relevance: .3, Instructions: 258COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 67f57fa94eb255c016ae9f79efd184af44e792f385ec7db252130af0dbaa357b
                                                                                                                                                                                • Instruction ID: 9d789d62c66cebf62e31f6763ad1f721b9165e4e555744fa89760dccdec3fe83
                                                                                                                                                                                • Opcode Fuzzy Hash: 67f57fa94eb255c016ae9f79efd184af44e792f385ec7db252130af0dbaa357b
                                                                                                                                                                                • Instruction Fuzzy Hash: 82A19E74704240CFDB2AAB64D158A2DBBB2FF85725F16846EE5478B7A0CB38DC42CB45
                                                                                                                                                                                Function 07DF80A0 Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 882316205be97fb7861dff60372e0bd3b909e6ed515f9f72a1d9862c6047f91c
                                                                                                                                                                                • Instruction ID: bd73cefeb43240e34720739a8f5c23b75839725fb55a0628a91cb737a1de7ea5
                                                                                                                                                                                • Opcode Fuzzy Hash: 882316205be97fb7861dff60372e0bd3b909e6ed515f9f72a1d9862c6047f91c
                                                                                                                                                                                • Instruction Fuzzy Hash: 6D916F75B00204CFCB15DFA9C848AAEBBF2EF88310B158169E605DB761DB30DC45DB92
                                                                                                                                                                                Function 07D95EF0 Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ae5751189381a7bf30b7e947e13716bb2403257d4d09b305fb49a029e92e82d6
                                                                                                                                                                                • Instruction ID: 4950443ab2f970869e6582dfa60fb78335e7ea4cfbb0d05ac7890f880d21afdb
                                                                                                                                                                                • Opcode Fuzzy Hash: ae5751189381a7bf30b7e947e13716bb2403257d4d09b305fb49a029e92e82d6
                                                                                                                                                                                • Instruction Fuzzy Hash: 52A11B75700205CFCB14EF65D8999AEF7B2FF88200B54856CE50AAB7A5DB30EC45CBA0
                                                                                                                                                                                Function 07DF6DCE Relevance: .2, Instructions: 245COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 130ec3dd8423b3f2ea5c0a64bdee87e090941f48cb2727278bce8880ec32a6b6
                                                                                                                                                                                • Instruction ID: 4602e482d432ad66b99c39ee5838430c8ad76621dc3d9a93ff164ee11b474140
                                                                                                                                                                                • Opcode Fuzzy Hash: 130ec3dd8423b3f2ea5c0a64bdee87e090941f48cb2727278bce8880ec32a6b6
                                                                                                                                                                                • Instruction Fuzzy Hash: 34A15A74B00204DFDB14EB74D598AACB7F2EF88314F658468E506AB7A0DB36DC81CB51
                                                                                                                                                                                Function 07DF6DF5 Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 06bf8c01b63cfc1a3d00a880ff893c9120188272328d0b1d1795770ca4e3064a
                                                                                                                                                                                • Instruction ID: 1629f7f1d658eb08e12ddee60c6c2fb21f319617dd75203cd4e037178cab2180
                                                                                                                                                                                • Opcode Fuzzy Hash: 06bf8c01b63cfc1a3d00a880ff893c9120188272328d0b1d1795770ca4e3064a
                                                                                                                                                                                • Instruction Fuzzy Hash: 63A15A74B00204DFDB14EB74D598AACB7F2EF88314F658468E506AB7A0DB36EC81CB51
                                                                                                                                                                                Function 07DD93D0 Relevance: .2, Instructions: 243COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 137da784ef26136d7816e878de5a2fc787e39274eba792bbe37b0a76039b0202
                                                                                                                                                                                • Instruction ID: 9191b1254b0d4363bb2965cbbda9a6fe39417dd2907f157ca7ed714687827321
                                                                                                                                                                                • Opcode Fuzzy Hash: 137da784ef26136d7816e878de5a2fc787e39274eba792bbe37b0a76039b0202
                                                                                                                                                                                • Instruction Fuzzy Hash: BC81C2717002008FCB19AB75D4689AEBBE6FF89310B24806EE546CB7A1CF36DC46CB51
                                                                                                                                                                                Function 07DD60A0 Relevance: .2, Instructions: 239COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7f030557496561a842d47a8c6a994e8599457e58d2c83d4a0236489acb151acb
                                                                                                                                                                                • Instruction ID: 4a312996314e22cf4f9048694c3118dc3ffb8a65b8c84f2135a45947e71d97a4
                                                                                                                                                                                • Opcode Fuzzy Hash: 7f030557496561a842d47a8c6a994e8599457e58d2c83d4a0236489acb151acb
                                                                                                                                                                                • Instruction Fuzzy Hash: B691BE34700241CFCB19AB75D4596AD7BF7FF89214B248129E4068BBA5DF38DC4ACB92
                                                                                                                                                                                Function 07757758 Relevance: .2, Instructions: 237COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 59c41c333c3e8f5b117a11ceb8a2885449ef99dc3d82287bc9ed8baf89180a70
                                                                                                                                                                                • Instruction ID: 1dafa5c3499c8d0fc9789f085afad853432141c0f4fed9f12a0e35b418d44d70
                                                                                                                                                                                • Opcode Fuzzy Hash: 59c41c333c3e8f5b117a11ceb8a2885449ef99dc3d82287bc9ed8baf89180a70
                                                                                                                                                                                • Instruction Fuzzy Hash: 06919FB4B002018FDB18DB64C154BAEB7F2EF88298F148468DC46AB794DB79DD45CBE1
                                                                                                                                                                                Function 07DFAEE8 Relevance: .2, Instructions: 229COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c1345cb8b805f78b303ff1d802b623dcc4d36c5ada39f8400499bc69492a4c9e
                                                                                                                                                                                • Instruction ID: ac38243bfe391054a65d616f1ccee8d81f3b6feb4665731fc94ec59d79cbae9a
                                                                                                                                                                                • Opcode Fuzzy Hash: c1345cb8b805f78b303ff1d802b623dcc4d36c5ada39f8400499bc69492a4c9e
                                                                                                                                                                                • Instruction Fuzzy Hash: DB91A375A00114CFCB14DB69C49899DFBF6FF8C225B1A8069E905AB365CB35EC42CFA1
                                                                                                                                                                                Function 07DF7D08 Relevance: .2, Instructions: 224COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e79dc5c4ac9cee69d399e001e1a785eecef6763d3abf3c3b090f13968075fd28
                                                                                                                                                                                • Instruction ID: 3d957740b4f12479f4de5dbe2f3705d0e315c3d1d7b05cc9c833b5d33cb0b12a
                                                                                                                                                                                • Opcode Fuzzy Hash: e79dc5c4ac9cee69d399e001e1a785eecef6763d3abf3c3b090f13968075fd28
                                                                                                                                                                                • Instruction Fuzzy Hash: 86914674700204CFCB18DF39C498AAABBF6BF89215B61446DE946DB7A0DB35EC45CB50
                                                                                                                                                                                Function 07DF1738 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6a9ba63cf691f45417974f3c74688742a2a0fc7c58f1c6210c89bf3eea95fa81
                                                                                                                                                                                • Instruction ID: c35b352c045d37d6d75eea83121c72cabe32b901ca15885d6c30b49008ecc440
                                                                                                                                                                                • Opcode Fuzzy Hash: 6a9ba63cf691f45417974f3c74688742a2a0fc7c58f1c6210c89bf3eea95fa81
                                                                                                                                                                                • Instruction Fuzzy Hash: 5881AE74A00208DFCB14DFA5D884AADBBF2FF88304B24852DE546AB764DB319D46CB41
                                                                                                                                                                                Function 07DF4000 Relevance: .2, Instructions: 220COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 52603838c00c748bc8235569a4f793a3c94589344b4d19121f65da6f0e189d1f
                                                                                                                                                                                • Instruction ID: 9401b66b66cd019501889a02ce47b01c61edbd9e5c7cd33669d67d2ad5696a10
                                                                                                                                                                                • Opcode Fuzzy Hash: 52603838c00c748bc8235569a4f793a3c94589344b4d19121f65da6f0e189d1f
                                                                                                                                                                                • Instruction Fuzzy Hash: 5B811770600682DFDB22DB68D884B6AFBF5FF85318F268569E5559B651C730FC41CB80
                                                                                                                                                                                Function 07D968B0 Relevance: .2, Instructions: 217COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e92565ea6b54c2ec14efefda9bde666df850a7d83390fa36069d79a04083d5cd
                                                                                                                                                                                • Instruction ID: 921fb025e9950b4516c596f26f6dd91df51b5953dda350f343b2e30184f0b824
                                                                                                                                                                                • Opcode Fuzzy Hash: e92565ea6b54c2ec14efefda9bde666df850a7d83390fa36069d79a04083d5cd
                                                                                                                                                                                • Instruction Fuzzy Hash: 8B719EB0B00211CFCB15AB79D1586ADFBE6AF89724B19407AE902EB350EF75DC01CB91
                                                                                                                                                                                Function 07DFAED9 Relevance: .2, Instructions: 214COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 81a857845112aaf00fdd55a7bb75adc790af3acaf33881d514f9948060ccfa28
                                                                                                                                                                                • Instruction ID: 8401835ec49557ed9951bd68dd74c5203e3a62f97d930035b0cb3e4f528f4c78
                                                                                                                                                                                • Opcode Fuzzy Hash: 81a857845112aaf00fdd55a7bb75adc790af3acaf33881d514f9948060ccfa28
                                                                                                                                                                                • Instruction Fuzzy Hash: 3091C4B5A00214CFCB14DF64C49999DFBF2FF8D225B1A8069D905AB364CA35EC42CFA0
                                                                                                                                                                                Function 07D9C470 Relevance: .2, Instructions: 212COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: aa184e77212421a60e223d9059e1e546de17b60e5b3100350d81b4787ffcb305
                                                                                                                                                                                • Instruction ID: 030a08bd717039e231e5cc5cdfd56ade13912bdb60c09dfd247f81cd48b299cb
                                                                                                                                                                                • Opcode Fuzzy Hash: aa184e77212421a60e223d9059e1e546de17b60e5b3100350d81b4787ffcb305
                                                                                                                                                                                • Instruction Fuzzy Hash: E2711874700342CFCB14DB78D4555ADFBF2AF89208B14866ED14A9BB96DB30EC46CBA1
                                                                                                                                                                                Function 07DF6E97 Relevance: .2, Instructions: 209COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2cf79f8c38952ae67d3c8b844f4231722c339e2acfb4de6e160ba60fb2031be2
                                                                                                                                                                                • Instruction ID: 2e129a64ccb453281afa85b0bb0acc5cf78911cb976d90f8ec0074674420b7d2
                                                                                                                                                                                • Opcode Fuzzy Hash: 2cf79f8c38952ae67d3c8b844f4231722c339e2acfb4de6e160ba60fb2031be2
                                                                                                                                                                                • Instruction Fuzzy Hash: C3816C74B00204DFDB14EB74D598AACB7F2EF88315F658468E506AB7A0DB32EC85CB51
                                                                                                                                                                                Function 07DF6EBE Relevance: .2, Instructions: 208COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a443ba416919ea49f11d85d091b4d75feee01dafb32fba7159e944f50d475b1a
                                                                                                                                                                                • Instruction ID: 0bcd30411587e9618b21494642610ee2153164feb017b07ef2551a96f0fd486e
                                                                                                                                                                                • Opcode Fuzzy Hash: a443ba416919ea49f11d85d091b4d75feee01dafb32fba7159e944f50d475b1a
                                                                                                                                                                                • Instruction Fuzzy Hash: 54816A74B00204DFDB14EB74D598AACB7F2EF88315F658468E506AB7A0DB32EC85CB51
                                                                                                                                                                                Function 07DF51D8 Relevance: .2, Instructions: 205COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 45bba1c15b60816eb0a4c1064554761ac5ca68497e17567e41330447d1ba6c9c
                                                                                                                                                                                • Instruction ID: 534236dfb450ab5fb0b7ffbc27f900500c788762a2e7c1eaf666333832b5d51f
                                                                                                                                                                                • Opcode Fuzzy Hash: 45bba1c15b60816eb0a4c1064554761ac5ca68497e17567e41330447d1ba6c9c
                                                                                                                                                                                • Instruction Fuzzy Hash: 4C9114B4A0020ACFCB14DF59E584AADFBF2FB49300F268559D91AAB611D330ED91CF90
                                                                                                                                                                                Function 07D9B6F8 Relevance: .2, Instructions: 199COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c485da0e23ecce7e78cc7757d10e806291fc20675e132bf513e335376616fde0
                                                                                                                                                                                • Instruction ID: 2e83d4f396a34e36b03fd76438aebd9bc4c22758670283c2d1330a3f9ddf976e
                                                                                                                                                                                • Opcode Fuzzy Hash: c485da0e23ecce7e78cc7757d10e806291fc20675e132bf513e335376616fde0
                                                                                                                                                                                • Instruction Fuzzy Hash: 7851E0B07002009FEB58AB79A855B6EB7E7AFC9250F24803DE505DB791DF31CC4287A1
                                                                                                                                                                                Function 07DD77B8 Relevance: .2, Instructions: 194COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ded441ce39c39f7fc0e6355074a52c82737ffef47d312471d44fb0cc262ed561
                                                                                                                                                                                • Instruction ID: 831a4b0812754f75f04e44384b914799587f3b7ca88618f6a49869317617a6fb
                                                                                                                                                                                • Opcode Fuzzy Hash: ded441ce39c39f7fc0e6355074a52c82737ffef47d312471d44fb0cc262ed561
                                                                                                                                                                                • Instruction Fuzzy Hash: 1761E071B00205DFCB159F65D858AAEBBF6FF89320F1480A9E8569B7A1CB34DC05CB91
                                                                                                                                                                                Function 07D9ED69 Relevance: .2, Instructions: 194COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 74afa63ea02be5bc40ab28f2a297a8c98d8d838caf948f9af5b78d9c694fdf23
                                                                                                                                                                                • Instruction ID: 0c6fd6c4a84be4e165d33a774715112f05bb325548dad590afaebcebbf17cbf0
                                                                                                                                                                                • Opcode Fuzzy Hash: 74afa63ea02be5bc40ab28f2a297a8c98d8d838caf948f9af5b78d9c694fdf23
                                                                                                                                                                                • Instruction Fuzzy Hash: B18139B5A00216CFDF14DF65C588BAAFBB2FF48315F58856AE841D7291EB34E881CB50
                                                                                                                                                                                Function 07D92378 Relevance: .2, Instructions: 193COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f6b1ece25809e956651f203892756bc511cebf3520165941ccd68d9ac2147fec
                                                                                                                                                                                • Instruction ID: 865347dae25041b40a6535203cfdc6ebadcc1958dcf00ce3517dcf189144366f
                                                                                                                                                                                • Opcode Fuzzy Hash: f6b1ece25809e956651f203892756bc511cebf3520165941ccd68d9ac2147fec
                                                                                                                                                                                • Instruction Fuzzy Hash: AF61CB74B00210AFDB18AB79E4A86ADBBE6BF89310F10447DE906D7390DF399C45CB90
                                                                                                                                                                                Function 07D9E8A8 Relevance: .2, Instructions: 192COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 812c6056abf987660b270fa3f1dd508306a3124e7d19cafba7f8135582b01029
                                                                                                                                                                                • Instruction ID: 8855c655169f41323c6b96b27131feb96c247d8e155401b36f3716dffb72fc92
                                                                                                                                                                                • Opcode Fuzzy Hash: 812c6056abf987660b270fa3f1dd508306a3124e7d19cafba7f8135582b01029
                                                                                                                                                                                • Instruction Fuzzy Hash: 55714C75A0021ADFDF18DF60C859AEDBBB2FB48300F0085A9E506A7291DF749E89CF50
                                                                                                                                                                                Function 07DD1C80 Relevance: .2, Instructions: 187COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 65ce251ce810e5aba74bcba44c98935c34bc1867d03df22a1b89915cd206c8af
                                                                                                                                                                                • Instruction ID: a1d234e3d82a131a70e69ea24777cf5276b43669b160b496de959a359fca81af
                                                                                                                                                                                • Opcode Fuzzy Hash: 65ce251ce810e5aba74bcba44c98935c34bc1867d03df22a1b89915cd206c8af
                                                                                                                                                                                • Instruction Fuzzy Hash: 63615670700211CFC709AB38D468569BBF6FF8A31572545AAE446CB7A2DF36DC86CB41
                                                                                                                                                                                Function 07757748 Relevance: .2, Instructions: 185COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ac2aa9c85b4253a04ef63e85cdea17b8d6bbd9dfa9d04b93f0cc5fde8d7cf6e7
                                                                                                                                                                                • Instruction ID: 2917a49ee1c22d5a89c2b4fe6e8fe01b2d09e51cd1bc1578b889ec046269c3f3
                                                                                                                                                                                • Opcode Fuzzy Hash: ac2aa9c85b4253a04ef63e85cdea17b8d6bbd9dfa9d04b93f0cc5fde8d7cf6e7
                                                                                                                                                                                • Instruction Fuzzy Hash: EC6180B4B002018FCB18DB75D594ABEB7E2EF88294F148469CC06AB794EB74DD45CBE1
                                                                                                                                                                                Function 07DD1930 Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1c32d22cde8e978124d9a88af4948f336a0f2aab961556f3eb0d2dd6951c3715
                                                                                                                                                                                • Instruction ID: 1ac341075a54e26e5b735e93970dc05318da1db41b4cff331dd25e3ce76e5b7e
                                                                                                                                                                                • Opcode Fuzzy Hash: 1c32d22cde8e978124d9a88af4948f336a0f2aab961556f3eb0d2dd6951c3715
                                                                                                                                                                                • Instruction Fuzzy Hash: EB616970A00219DFDB18DFA9D558AADBBB6FF89300F258069E506EB360DB359D46CF40
                                                                                                                                                                                Function 07DFAF75 Relevance: .2, Instructions: 182COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7dd7a070e97fc0f9a9e4d2c15d915e32646ff3a9d8383855dbb23eff31e25968
                                                                                                                                                                                • Instruction ID: 0ef62f6649566b5603546d2a9cfe9ada3ebf1a0ac7e21f4a74723d47769cfbbd
                                                                                                                                                                                • Opcode Fuzzy Hash: 7dd7a070e97fc0f9a9e4d2c15d915e32646ff3a9d8383855dbb23eff31e25968
                                                                                                                                                                                • Instruction Fuzzy Hash: E271B6B5A00214CFCB14DF64D45899DF7F2FF89225B1A8069E905AB360DB35EC42CFA0
                                                                                                                                                                                Function 07D94478 Relevance: .2, Instructions: 171COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ea72adbff42bbae9c0e7e5d45c98c6a679db3757e2ddafe734857623212161cf
                                                                                                                                                                                • Instruction ID: e07f7917263729f2ef2e93fa63e87e8e9f1dc6957c72771497490a60acf4afda
                                                                                                                                                                                • Opcode Fuzzy Hash: ea72adbff42bbae9c0e7e5d45c98c6a679db3757e2ddafe734857623212161cf
                                                                                                                                                                                • Instruction Fuzzy Hash: B051CFB4B042458FCB149FB5E8585AEBBF2EF89211B10447EE602D7391DB74D846CBA0
                                                                                                                                                                                Function 07DD2CB0 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f26500a0876bab6963c110af8560d9d06c3aa06a26ff84c0bb56f93bc0c7c1c7
                                                                                                                                                                                • Instruction ID: 45db3b38e6d1eca2d6162609301690712c80bda14ba3b1d9018400da4ea2d0f9
                                                                                                                                                                                • Opcode Fuzzy Hash: f26500a0876bab6963c110af8560d9d06c3aa06a26ff84c0bb56f93bc0c7c1c7
                                                                                                                                                                                • Instruction Fuzzy Hash: 17512A75A102099FDB14DFA4C494BEDBBF2BF88314F184469E805EB390DB35AC45DBA0
                                                                                                                                                                                Function 07770AF8 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219462517.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7770000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4533cc6bff552d2bcf6fe32965ab879825e80fca181a95054f5c278609bf72fd
                                                                                                                                                                                • Instruction ID: ec81a3b5010b1bcb9e5008a8333e12ab9fa96cc3457b7339eda0f1ca40f9838c
                                                                                                                                                                                • Opcode Fuzzy Hash: 4533cc6bff552d2bcf6fe32965ab879825e80fca181a95054f5c278609bf72fd
                                                                                                                                                                                • Instruction Fuzzy Hash: 6551FF74B002059FCF159B68C858AADBBF2FF89344F148469E506AB3A1CB71DC46CB51
                                                                                                                                                                                Function 07DD3320 Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 407043cd775f6026d0e2b3b771b7e683cbb01280b41e4ad2e19b767013e45845
                                                                                                                                                                                • Instruction ID: 75caa3f10d9f6eb5f7ae18384571d2175aa39a2d4458c601bf489269af525190
                                                                                                                                                                                • Opcode Fuzzy Hash: 407043cd775f6026d0e2b3b771b7e683cbb01280b41e4ad2e19b767013e45845
                                                                                                                                                                                • Instruction Fuzzy Hash: 0F5118B4A00215CFCB19DF79D994AADBBF2BF88315F144069E806AB760DB35EC85CB41
                                                                                                                                                                                Function 07DD2A88 Relevance: .2, Instructions: 160COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f1df7a784baf08701db010a6573ef58eccf620a33eae8f43a4dbbff8e7695108
                                                                                                                                                                                • Instruction ID: 6e0111cf3ab9831b1daa018307b7eba0a4499b2f35c2a17fbb590a509b270604
                                                                                                                                                                                • Opcode Fuzzy Hash: f1df7a784baf08701db010a6573ef58eccf620a33eae8f43a4dbbff8e7695108
                                                                                                                                                                                • Instruction Fuzzy Hash: 9E518C70310202DFCB099F68C454BAABBE2FF89314F148169E8458B3A5DB79ED55CB91
                                                                                                                                                                                Function 07DF1050 Relevance: .2, Instructions: 158COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9c464cbb22a8f0e0b821b70badd3f305f12d9e7a0c2b8ff0256e30706af3ff26
                                                                                                                                                                                • Instruction ID: de8873d6a3b6baa6f004525f8efd780c5229bbb1c8bae2267a132fe8c3f79fcf
                                                                                                                                                                                • Opcode Fuzzy Hash: 9c464cbb22a8f0e0b821b70badd3f305f12d9e7a0c2b8ff0256e30706af3ff26
                                                                                                                                                                                • Instruction Fuzzy Hash: C351A174B00109CFCB14EBA4D859AEEBBF6EF88210F144469E605EB351DF329D05CBA1
                                                                                                                                                                                Function 07D93B70 Relevance: .2, Instructions: 158COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 082c850243498e591744dff222e3558e5090fafbdfb6de749c2ac75d859a0d28
                                                                                                                                                                                • Instruction ID: b9f4260e2dd1ba49ab739bd842765479ab1587067c8d264f0ba589d3ed0a30be
                                                                                                                                                                                • Opcode Fuzzy Hash: 082c850243498e591744dff222e3558e5090fafbdfb6de749c2ac75d859a0d28
                                                                                                                                                                                • Instruction Fuzzy Hash: 9251BF307006058FCB14EBB5D8555EEB7F6AFC8204724862DD50AABB94DF70EC0A9792
                                                                                                                                                                                Function 07D93B60 Relevance: .2, Instructions: 153COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7efa72416121357b6d7a3c1350afc08f8aa57f9a851c89f238af88a83fbd479a
                                                                                                                                                                                • Instruction ID: 5c70497b1d41ccf80371c59e2d38d5a6c9fcd14b24e0280e20068ebb56ad54ac
                                                                                                                                                                                • Opcode Fuzzy Hash: 7efa72416121357b6d7a3c1350afc08f8aa57f9a851c89f238af88a83fbd479a
                                                                                                                                                                                • Instruction Fuzzy Hash: B451BE303006018FC714EB75D8959EEB7F6AFC82187248A2DD14A9FB94DF70EC0A9792
                                                                                                                                                                                Function 07770AD1 Relevance: .2, Instructions: 151COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219462517.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7770000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b9b47a2fd47dc4adb1c69aa1c1a4d6224e014e92dbaf2ef3035eee7d6a20cba6
                                                                                                                                                                                • Instruction ID: cf11f72b197ee1bbeba194b0b4f4e09649f0352b8d02d219efd8c93ea85679cf
                                                                                                                                                                                • Opcode Fuzzy Hash: b9b47a2fd47dc4adb1c69aa1c1a4d6224e014e92dbaf2ef3035eee7d6a20cba6
                                                                                                                                                                                • Instruction Fuzzy Hash: 205107B1A04341AFCF168B68C8147ADBFB2FF8B344F15846AE105DB3A2CB759856CB51
                                                                                                                                                                                Function 07D97AF0 Relevance: .2, Instructions: 150COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 75740f6b45864d1e94579ff643917259ca7a73b7d2296a8d481b6d8e7042bc4d
                                                                                                                                                                                • Instruction ID: a46d01a3bef3f02ed0af449665facd12b1ebb8a11e520db78be0d9d6aee0e57d
                                                                                                                                                                                • Opcode Fuzzy Hash: 75740f6b45864d1e94579ff643917259ca7a73b7d2296a8d481b6d8e7042bc4d
                                                                                                                                                                                • Instruction Fuzzy Hash: 6E410071700154DFCB09ABB9E8591EE7BE6EFC8321B144026EA06CB391DF398C46C761
                                                                                                                                                                                Function 07DF0C41 Relevance: .1, Instructions: 148COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d5d195c6badbc5e6f09499e8b3c29ee8a375ccdb4006d5d9d567dd8c296a2cf8
                                                                                                                                                                                • Instruction ID: 277a2a3897da306cfff1ef1880fec65fe6767628fdff0f43af684059412739ef
                                                                                                                                                                                • Opcode Fuzzy Hash: d5d195c6badbc5e6f09499e8b3c29ee8a375ccdb4006d5d9d567dd8c296a2cf8
                                                                                                                                                                                • Instruction Fuzzy Hash: 31517635E00219DFCB05DFA9D8448DDBBF2FF89210B1580AAE605FB661DB30AD05CBA1
                                                                                                                                                                                Function 07D9E8A1 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 290995261a45a02e38654703049e96b49083af69d72c1d23802bbbb067fddaf0
                                                                                                                                                                                • Instruction ID: 6312ca29ba284741279326821617a30f6f42c79fc125bfbf9c777e60d346b91d
                                                                                                                                                                                • Opcode Fuzzy Hash: 290995261a45a02e38654703049e96b49083af69d72c1d23802bbbb067fddaf0
                                                                                                                                                                                • Instruction Fuzzy Hash: 3D515C75A0021ADFDF18DF60C955BEDBBB2BF44300F0084A9E906AB251DB749E89DF90
                                                                                                                                                                                Function 07DF82B0 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 483c5e062cee92ccae708665c9497417cc4c0a7f40653c3fad7599b14ab1f82f
                                                                                                                                                                                • Instruction ID: f57ff05dee7bef2705926a465b3bd5044b14635f8452fadb788b81316989b99c
                                                                                                                                                                                • Opcode Fuzzy Hash: 483c5e062cee92ccae708665c9497417cc4c0a7f40653c3fad7599b14ab1f82f
                                                                                                                                                                                • Instruction Fuzzy Hash: FA519075B002149FCB14EFA9D855AAFBBF6EF88700F144469E605DB7A0CB359D01CB92
                                                                                                                                                                                Function 07DD2F18 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8936edfe4855cab69ffeb87676264e05d73cdd5b855510c254e712c960c69f7b
                                                                                                                                                                                • Instruction ID: 664a7c23f6e96654a93d0b663767ad89a1784d8e76550783b34a9f9d81e950a7
                                                                                                                                                                                • Opcode Fuzzy Hash: 8936edfe4855cab69ffeb87676264e05d73cdd5b855510c254e712c960c69f7b
                                                                                                                                                                                • Instruction Fuzzy Hash: D5411275700200DFDB049BB8D8106A9BBA6EFCA324F24826AEA15DB7A1CF31CC45C752
                                                                                                                                                                                Function 07DD4DA8 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 588329dc23d671726cb07b3ab77fc1c83f8a9435ba2832240b706dd2a6a0d8c5
                                                                                                                                                                                • Instruction ID: 65fbd54b5b76c357eb2efaa8e8128dd9401f45a83df6517271e8213c30eae3ac
                                                                                                                                                                                • Opcode Fuzzy Hash: 588329dc23d671726cb07b3ab77fc1c83f8a9435ba2832240b706dd2a6a0d8c5
                                                                                                                                                                                • Instruction Fuzzy Hash: AE515974A00205DFCB14DF69C49499EFBF6EF88314B248569E9169B764CB31EC86CB90
                                                                                                                                                                                Function 07E14750 Relevance: .1, Instructions: 142COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ced8918382a1e24ff3f655beacdcc43aa7a0c2609d209fb927195eb85bf1a7e8
                                                                                                                                                                                • Instruction ID: 336a78fb10d73dd91a9095e05e78642acab029c13835425a40761b664815ba43
                                                                                                                                                                                • Opcode Fuzzy Hash: ced8918382a1e24ff3f655beacdcc43aa7a0c2609d209fb927195eb85bf1a7e8
                                                                                                                                                                                • Instruction Fuzzy Hash: 8F41CDB951F3C18FCB13933598226C47F709B53208B0A91DBE494CF6F7C129898AC7A2
                                                                                                                                                                                Function 07D9CE41 Relevance: .1, Instructions: 142COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f75626d008357a176e1ca9d2134110a3fa0a49e9e3bfe2cf9a4b5709fb2260c2
                                                                                                                                                                                • Instruction ID: 5119348b6052e6bef1b134c2333a33e3f30cea371d90acc3b6a76a6dad9bdb62
                                                                                                                                                                                • Opcode Fuzzy Hash: f75626d008357a176e1ca9d2134110a3fa0a49e9e3bfe2cf9a4b5709fb2260c2
                                                                                                                                                                                • Instruction Fuzzy Hash: A5411E707043519FCB15DB79D8544AEBBF6EF8A20430484AAE489DB791EB34DD06CB90
                                                                                                                                                                                Function 07770918 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219462517.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7770000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 49ef5225e5c0b386513c6e50e0795bea599a353ac3e8daddf363d64d0b4ece3f
                                                                                                                                                                                • Instruction ID: 78823afd035cc01160144176ddf46ce35bed1f4be82b6aa434d37c2160908f6f
                                                                                                                                                                                • Opcode Fuzzy Hash: 49ef5225e5c0b386513c6e50e0795bea599a353ac3e8daddf363d64d0b4ece3f
                                                                                                                                                                                • Instruction Fuzzy Hash: 3641E770B052559FCB11CF69C448A6ABBF9FF8A350F05847AE409DB361C635DC04CB61
                                                                                                                                                                                Function 07DF8F37 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e77ed28ccc5e98e97bf97ab9c32670703e8398d04d19981cd4de626a3a3ac055
                                                                                                                                                                                • Instruction ID: 7830735eb527908f99f07464c8b010fda89b02edf04ce831612d5b5402307a57
                                                                                                                                                                                • Opcode Fuzzy Hash: e77ed28ccc5e98e97bf97ab9c32670703e8398d04d19981cd4de626a3a3ac055
                                                                                                                                                                                • Instruction Fuzzy Hash: 06413F70B001419FCB04DF79C464AAEBBE6BF89200B55806DE94ADB7A1DB35DC45CB51
                                                                                                                                                                                Function 07DF0730 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2e0739b3e2d59e63f1b62e0d42e2ae2dd47002917dcbc18031c1f3b6fe06df7f
                                                                                                                                                                                • Instruction ID: 5c68c159869460706703f6b9ff30f65229c6dbfdf972b1ca4914564c122d4c5d
                                                                                                                                                                                • Opcode Fuzzy Hash: 2e0739b3e2d59e63f1b62e0d42e2ae2dd47002917dcbc18031c1f3b6fe06df7f
                                                                                                                                                                                • Instruction Fuzzy Hash: 4C518EB0B00205DFDB09EF69D5496ADBBF2AF88304F148029E506DB7A2DB748845CF91
                                                                                                                                                                                Function 07E15F50 Relevance: .1, Instructions: 135COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f3cd8809e2d5b6a450d5cf78013fb14a00a24f7d70a0f8c5a98e8866399e2dcc
                                                                                                                                                                                • Instruction ID: 882976504bb7e0cbe17b29753a1a9d4f9414cc853f484b12b25e6331e510f82a
                                                                                                                                                                                • Opcode Fuzzy Hash: f3cd8809e2d5b6a450d5cf78013fb14a00a24f7d70a0f8c5a98e8866399e2dcc
                                                                                                                                                                                • Instruction Fuzzy Hash: 7C41C0707006418FCB25EB79C0597AEBBE2AF8830CF04416DD0069BB91DF75A989CBD2
                                                                                                                                                                                Function 07770FC4 Relevance: .1, Instructions: 134COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219462517.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7770000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 133a43918bfaadd6d4dee7dc904be7eb730991cd53b253ade62eb5b03f4bd2c6
                                                                                                                                                                                • Instruction ID: 96dc1d0e05d347d6f6553d10f6d6c36c58a586d9eb7c9bf39c1039924fb7c13f
                                                                                                                                                                                • Opcode Fuzzy Hash: 133a43918bfaadd6d4dee7dc904be7eb730991cd53b253ade62eb5b03f4bd2c6
                                                                                                                                                                                • Instruction Fuzzy Hash: 4341E7B07143499FCF111AA588A563E7AEABFCA241F64447EDA02DB791CEB5CC06C712
                                                                                                                                                                                Function 07DD237A Relevance: .1, Instructions: 132COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 11aea55d479058f33be1b9f687e57b160e19c078b4f1f7b92fdd25abef0c7467
                                                                                                                                                                                • Instruction ID: a6ce1ad7fd6321d86ccd86e28920f7c4ad6075f37216325101f029c0066a14d8
                                                                                                                                                                                • Opcode Fuzzy Hash: 11aea55d479058f33be1b9f687e57b160e19c078b4f1f7b92fdd25abef0c7467
                                                                                                                                                                                • Instruction Fuzzy Hash: BF514A30A00209DFCF05DFA4C998ADDBBB6FF49314F1080A9E806AF265DB75AD45CB90
                                                                                                                                                                                Function 07DD3C60 Relevance: .1, Instructions: 132COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 55ac99b52492e68587be9bead9c494c3f066934cc7d69f54661e08650f897379
                                                                                                                                                                                • Instruction ID: a88ff5b86a5ba048e3730254e9e350ec863c663e948e6a1b8ea9758f7d688714
                                                                                                                                                                                • Opcode Fuzzy Hash: 55ac99b52492e68587be9bead9c494c3f066934cc7d69f54661e08650f897379
                                                                                                                                                                                • Instruction Fuzzy Hash: C241E376B00205CFCB159B68E8546EEFBE6EBC8225F14446AD409D7750DF31DC058BA1
                                                                                                                                                                                Function 07D9DDB0 Relevance: .1, Instructions: 132COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 88bc9be6d1f2bb383f6b3bbfedfd7704213ee3c944e90256fbf59a8d794602a1
                                                                                                                                                                                • Instruction ID: 15296423a7f788d1294e5be4518ef623c31c31fadfcffc05f318b607de4249ca
                                                                                                                                                                                • Opcode Fuzzy Hash: 88bc9be6d1f2bb383f6b3bbfedfd7704213ee3c944e90256fbf59a8d794602a1
                                                                                                                                                                                • Instruction Fuzzy Hash: 5941CF74F00124DBCF08ABB5A4594ADBAF7AFC9264B144529E806E7794EF34CC06CB92
                                                                                                                                                                                Function 07752260 Relevance: .1, Instructions: 127COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a5ce97402f2b661cbac3df3a1c3561b449c50c565504cd81d01d7e7f8e7d3a42
                                                                                                                                                                                • Instruction ID: 5f11508adc685f105f8f310a27320fb2df03bc8f3df482570fc346e5602fd514
                                                                                                                                                                                • Opcode Fuzzy Hash: a5ce97402f2b661cbac3df3a1c3561b449c50c565504cd81d01d7e7f8e7d3a42
                                                                                                                                                                                • Instruction Fuzzy Hash: 3D416DF5B001069BEB10DBA5D844BBEB3A5FF88355F148869DD05A7741EB71E801CBA1
                                                                                                                                                                                Function 07DD2AD1 Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 739a15bd68226bdeb4bee60cf0ef448bb9275f19aeac61662b8f9f8ab5cc4d30
                                                                                                                                                                                • Instruction ID: f6bdd64bc966bb347e3721fdc2814c4e698fa21ee49073bbe6660ec6fdda4b6c
                                                                                                                                                                                • Opcode Fuzzy Hash: 739a15bd68226bdeb4bee60cf0ef448bb9275f19aeac61662b8f9f8ab5cc4d30
                                                                                                                                                                                • Instruction Fuzzy Hash: 4941BA70310212CFCB199F38C455AAEBBE2BF89308F158169E8458B3A5DF78ED55CB91
                                                                                                                                                                                Function 07DD7550 Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8a6cb8cdabbed97b57419b30f9108a487399dbea14b6f0ab51e91b09acffe16e
                                                                                                                                                                                • Instruction ID: 881cc58e451bd90195e36af0693d0366bad9a9a2fba7a7f664c66b0e5c040c4c
                                                                                                                                                                                • Opcode Fuzzy Hash: 8a6cb8cdabbed97b57419b30f9108a487399dbea14b6f0ab51e91b09acffe16e
                                                                                                                                                                                • Instruction Fuzzy Hash: 3B417B74E00209DFCB18DFB8D858AEEBBF2AF89314F248469E515A7790DB359C45CB90
                                                                                                                                                                                Function 0775F630 Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ad5da8cfa45e4fad65749021bec84cf79a7d77bb9c50d9abd9c7bd8633ca999c
                                                                                                                                                                                • Instruction ID: 4cd964e34fbfa5cdd2da0899e9184eb2318a0c9fa4a27ec0cac09091b8c518a4
                                                                                                                                                                                • Opcode Fuzzy Hash: ad5da8cfa45e4fad65749021bec84cf79a7d77bb9c50d9abd9c7bd8633ca999c
                                                                                                                                                                                • Instruction Fuzzy Hash: 07415C35B002149FCF09EBB8E4589ADBBB7FF89204B1480AAE506DB3A1DF358905CB51
                                                                                                                                                                                Function 07E148E0 Relevance: .1, Instructions: 120COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c4154286812c0eef15a7d7797baef7dc470b60901e42cbfbd1d9fbf0844ff5c2
                                                                                                                                                                                • Instruction ID: 0e8a16df55b7846c77f6cfb6fc4ea00802cb5af9ebac3ddd3edc755b840eb526
                                                                                                                                                                                • Opcode Fuzzy Hash: c4154286812c0eef15a7d7797baef7dc470b60901e42cbfbd1d9fbf0844ff5c2
                                                                                                                                                                                • Instruction Fuzzy Hash: 1341E5B0A0128A9FDB14CFA4C45ABAD7FF2AF89308F14442DD1469B3D1DB74A985CB40
                                                                                                                                                                                Function 07E148CF Relevance: .1, Instructions: 120COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 151f494a065afb5b2bcb6909a61dcb3be885a07e4a4c97632b09e3c24bc2b04d
                                                                                                                                                                                • Instruction ID: 6a4b9d5713ff65beb0a095d19ee566e4a3aded657a1447bdc829018925e0353f
                                                                                                                                                                                • Opcode Fuzzy Hash: 151f494a065afb5b2bcb6909a61dcb3be885a07e4a4c97632b09e3c24bc2b04d
                                                                                                                                                                                • Instruction Fuzzy Hash: 724126B0A0128A9FDB14CFA4C445BED7BF2AF8A308F14542DE1469F794DB74AD85CB80
                                                                                                                                                                                Function 07DD5D60 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 18edef7a56867ac908b7505617a50c640843144cf297d4ed14aef8898082df6e
                                                                                                                                                                                • Instruction ID: 87a36b755d7d35e31eef465818839d5bbf62497671acb261f44f4ce0a72b43fa
                                                                                                                                                                                • Opcode Fuzzy Hash: 18edef7a56867ac908b7505617a50c640843144cf297d4ed14aef8898082df6e
                                                                                                                                                                                • Instruction Fuzzy Hash: B1319F34B111A08BDB1D3779642A17D3ADBEBCA314B285469E113CBBE1DF39CC469392
                                                                                                                                                                                Function 07D9CA30 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: addf7a5367ccb6885fb7935537faf45b3495ffcda27baf3689630c77d17e97cd
                                                                                                                                                                                • Instruction ID: 55caff5761699c3822451c7e8bd72bf5263fbf38c12eef0a807526abccda099b
                                                                                                                                                                                • Opcode Fuzzy Hash: addf7a5367ccb6885fb7935537faf45b3495ffcda27baf3689630c77d17e97cd
                                                                                                                                                                                • Instruction Fuzzy Hash: 64416D71B002188FDB189F79D4586AEBBF6EF89314F10847AD50AE7390DB359C068BA4
                                                                                                                                                                                Function 07DD2390 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5917ea43217ab7a6bac6171218483c13d400bcf4b31551465ba0d12c3ee6838a
                                                                                                                                                                                • Instruction ID: dcb3ddd3d335cc760871af2ff9970fd8fddc7f4000cc1f6dbbab3c366411f91e
                                                                                                                                                                                • Opcode Fuzzy Hash: 5917ea43217ab7a6bac6171218483c13d400bcf4b31551465ba0d12c3ee6838a
                                                                                                                                                                                • Instruction Fuzzy Hash: 32513931A00209DFCF05DFA4C598ADDBBB6FF48314F1080A9E90AAF265DB71AD45CB90
                                                                                                                                                                                Function 07DF7CF8 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 08d74d6fb8364eb4582219308a6018324dcf62c82c7973b4b399e2b6b823ddaa
                                                                                                                                                                                • Instruction ID: 53a680b23d22cf9d3762d4fb0dc4b2a2b50e5093f96b49dc32a027899b0c641c
                                                                                                                                                                                • Opcode Fuzzy Hash: 08d74d6fb8364eb4582219308a6018324dcf62c82c7973b4b399e2b6b823ddaa
                                                                                                                                                                                • Instruction Fuzzy Hash: 94418CB4A00206CFDB14DF34C588AE9BBF2BF48325F95446AE945DB751DB34E885CB90
                                                                                                                                                                                Function 0775C730 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ab4332c2de0f7782fba39a6b672b4b37492e0b418c61dc181d484cbe02c059ac
                                                                                                                                                                                • Instruction ID: 95bb224054d5a9512c9a326d1241712d092039000f7e47b64b305515f3779d9d
                                                                                                                                                                                • Opcode Fuzzy Hash: ab4332c2de0f7782fba39a6b672b4b37492e0b418c61dc181d484cbe02c059ac
                                                                                                                                                                                • Instruction Fuzzy Hash: 46317B75B083419FCB155B39A4143AE7BE6EF86350F14C87AE809C7791DB79C841CBA0
                                                                                                                                                                                Function 07D9BD08 Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4ab95624fdc0994d1a68e6ad81c0369e109c41827539daca899e487377631bf9
                                                                                                                                                                                • Instruction ID: 23423dce6daa556a5ca2d052c540857cc81488518e746b100762b78044bba276
                                                                                                                                                                                • Opcode Fuzzy Hash: 4ab95624fdc0994d1a68e6ad81c0369e109c41827539daca899e487377631bf9
                                                                                                                                                                                • Instruction Fuzzy Hash: A8418D343006418FC718EB35E4998AABBE6FFC9214714896EE546CBB65CF34EC46CB91
                                                                                                                                                                                Function 07E10007 Relevance: .1, Instructions: 113COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 403826472fd849c44642df9066d12069c787dd3d24394f4d31ed0d1a35eba14c
                                                                                                                                                                                • Instruction ID: 85faf7ef3e41ca0d4ef7aad22efa1bc482af486f4a52b784000df16f9129b0d5
                                                                                                                                                                                • Opcode Fuzzy Hash: 403826472fd849c44642df9066d12069c787dd3d24394f4d31ed0d1a35eba14c
                                                                                                                                                                                • Instruction Fuzzy Hash: 2331C87120A3818FC3224725D4255A7BFB1AF47629B1A44EBD489CF6A3D7289CC6C791
                                                                                                                                                                                Function 07E14AF8 Relevance: .1, Instructions: 112COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f2c64c776c392317862c2f49c89f04b2f8b42010a6503c084e7f678b7a6f043e
                                                                                                                                                                                • Instruction ID: 4606020812337b717dd93752441d678e7058169612828485ec4cb30148cc9308
                                                                                                                                                                                • Opcode Fuzzy Hash: f2c64c776c392317862c2f49c89f04b2f8b42010a6503c084e7f678b7a6f043e
                                                                                                                                                                                • Instruction Fuzzy Hash: 4D4191B4B012459FDB14DFB5D55ABAE7BF2AB89309F105029E502DB3D0DF359885CB80
                                                                                                                                                                                Function 07DD5D50 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e3548437d03729c905398304820d4955e93ab4992114f11dacc4f6313847e146
                                                                                                                                                                                • Instruction ID: aa8069503c66d40cf9e7321b2481e3ceb0c6feda99f38f4ad31722d90e162dbd
                                                                                                                                                                                • Opcode Fuzzy Hash: e3548437d03729c905398304820d4955e93ab4992114f11dacc4f6313847e146
                                                                                                                                                                                • Instruction Fuzzy Hash: 0531C4347111A08BDB0D2778642A17D3BD7AFC9314718546AE117CBBE1DF39CC468752
                                                                                                                                                                                Function 07DF98A8 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8b02911a3e4b55925043f157c9d4019c3dab80666e7e9df61b47a162d6eb69bc
                                                                                                                                                                                • Instruction ID: 2f6bec6092167dfb3094adcc198a9d4c8708349166f93a61fa90b5175ccb1c08
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b02911a3e4b55925043f157c9d4019c3dab80666e7e9df61b47a162d6eb69bc
                                                                                                                                                                                • Instruction Fuzzy Hash: FB418E74A00114DFCB14DF69D558AADBBF6FB8D300F14406AE906E7390DB31AC41CBA1
                                                                                                                                                                                Function 07D98348 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 76ec207d6933fd180f13567bce21f1616dbea0d612e9be532d0caaa86a68d350
                                                                                                                                                                                • Instruction ID: c1740643c3e1c429d376f230dd11d882ef37c924298198222a40446239da55df
                                                                                                                                                                                • Opcode Fuzzy Hash: 76ec207d6933fd180f13567bce21f1616dbea0d612e9be532d0caaa86a68d350
                                                                                                                                                                                • Instruction Fuzzy Hash: 5D419371B04206CFCB10DFB9C4489AEFBF6EF86614B1885BAD449DB221EB719D05CB91
                                                                                                                                                                                Function 0775BF60 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7500b06e91fa591d33a9b29fa3acc6b6cb3d2e440b31393f4a8fbed67af26a3d
                                                                                                                                                                                • Instruction ID: 3be47afac3dee2106f39fb06245366bbe65c67c1457c1200b6c755895581b9db
                                                                                                                                                                                • Opcode Fuzzy Hash: 7500b06e91fa591d33a9b29fa3acc6b6cb3d2e440b31393f4a8fbed67af26a3d
                                                                                                                                                                                • Instruction Fuzzy Hash: 9B31B2F47103029BD71A677498147BE72A3ABC5384F218439DE069B7C8DFBACC4687A1
                                                                                                                                                                                Function 07DF0721 Relevance: .1, Instructions: 110COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0b8d620e5c49ed0084be4e702bcdcc8d9ec0a33bcc3d9939642dc2315729c88f
                                                                                                                                                                                • Instruction ID: 0784459562728bd16198bd938953224b569103b9eb010ff40512b4ff95718160
                                                                                                                                                                                • Opcode Fuzzy Hash: 0b8d620e5c49ed0084be4e702bcdcc8d9ec0a33bcc3d9939642dc2315729c88f
                                                                                                                                                                                • Instruction Fuzzy Hash: A8418EB0A00245DFDB14EF69D5896ADBBF2EF48304F148029E506AB792DB709885CF91
                                                                                                                                                                                Function 07D939D0 Relevance: .1, Instructions: 110COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a3901b775bf48c6e9447662af0f0fa3eceede4e6cc588c666beb2c1925cb1f34
                                                                                                                                                                                • Instruction ID: 0d099309c5e48a67b4f61b36ecbd735315b3044eef5beb108a60f68c0ed87cf9
                                                                                                                                                                                • Opcode Fuzzy Hash: a3901b775bf48c6e9447662af0f0fa3eceede4e6cc588c666beb2c1925cb1f34
                                                                                                                                                                                • Instruction Fuzzy Hash: DE413074B00215CFCB18EF65C8899EEBBB2FF88300B548569E9069B355DB71DC51CB91
                                                                                                                                                                                Function 07D9DBE8 Relevance: .1, Instructions: 109COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2071b175811cae29fe5d2931987aeaec6ec7ceafb3d5f48f6aa28ea51b814983
                                                                                                                                                                                • Instruction ID: 04a6820929a1f2440fbc1d6f34e02dd8acfc7dc35509d0c57947294cba49ae6e
                                                                                                                                                                                • Opcode Fuzzy Hash: 2071b175811cae29fe5d2931987aeaec6ec7ceafb3d5f48f6aa28ea51b814983
                                                                                                                                                                                • Instruction Fuzzy Hash: 814140B4B002059FDB18CBA9C894AEEBBF6EF8D254F24446CD505AB361DB70EC41CB60
                                                                                                                                                                                Function 07DD8080 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: af5d6ce153f0c1868d220090538f30a6d241833e87ef88c7b7204513a0b34ee4
                                                                                                                                                                                • Instruction ID: 15e57d11e656b8a14f11eb26d911b9380869d678fbda29a40ebf8909b2d439c5
                                                                                                                                                                                • Opcode Fuzzy Hash: af5d6ce153f0c1868d220090538f30a6d241833e87ef88c7b7204513a0b34ee4
                                                                                                                                                                                • Instruction Fuzzy Hash: DF413974A00204DFCB15AFA9DA489ADBBF2FF89310F204469E906A7394DB319C41DBA1
                                                                                                                                                                                Function 07DD31F0 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 628ec00c980325f3e8324933e92e2ae9009bed174f2a5eeafa4dd9e77896efd9
                                                                                                                                                                                • Instruction ID: 6749321466803dbe0b979b8ba723f4e64e191ba743cb0d6e43a3b0f25d67b72e
                                                                                                                                                                                • Opcode Fuzzy Hash: 628ec00c980325f3e8324933e92e2ae9009bed174f2a5eeafa4dd9e77896efd9
                                                                                                                                                                                • Instruction Fuzzy Hash: 7A417774700606CFCB15EF64C558AAEBBF6BF89304B10815DE4029BB60DB74ED0ACB82
                                                                                                                                                                                Function 07E14B08 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d4064d9b93b6d54264657ce3a86d6608e62a3f741c1f8b0d31bca6417efbfd68
                                                                                                                                                                                • Instruction ID: 71c1e734996a07c2e30b796a6b6aedafab07875c47d14dcfddcc87ec7664ba85
                                                                                                                                                                                • Opcode Fuzzy Hash: d4064d9b93b6d54264657ce3a86d6608e62a3f741c1f8b0d31bca6417efbfd68
                                                                                                                                                                                • Instruction Fuzzy Hash: 78314DB4A012449FDB18DFA5D59ABAE7BF2AB85308F14402CE506DB3A1DF759884CB90
                                                                                                                                                                                Function 07D92028 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 92489829b717bed87ae818cf4bfbfdc1f480dff4add7d4e8aa7f49f03e9edc0b
                                                                                                                                                                                • Instruction ID: f5b28abf63a53da9bab8b801a0133d91a0928e35d213e648f5393c0774a4f350
                                                                                                                                                                                • Opcode Fuzzy Hash: 92489829b717bed87ae818cf4bfbfdc1f480dff4add7d4e8aa7f49f03e9edc0b
                                                                                                                                                                                • Instruction Fuzzy Hash: 78418FB4A04209EFDF54DF64D8487EEBBF2FB89314F104429D506AB291CB74A889CB60
                                                                                                                                                                                Function 07DD1921 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 66a65f1eb03a4936910f16e6c52967c6ee9f05e8773429a6cac5ed5aec9cba2b
                                                                                                                                                                                • Instruction ID: 9b2490095174c0a59fb91784611b782a7c69ad7efa9d6f63424c8832c78ec7c1
                                                                                                                                                                                • Opcode Fuzzy Hash: 66a65f1eb03a4936910f16e6c52967c6ee9f05e8773429a6cac5ed5aec9cba2b
                                                                                                                                                                                • Instruction Fuzzy Hash: 58411674A0021DDFCB14DF95D588ADDBBB6FF49300F258069E406AB264EB71AD46CF90
                                                                                                                                                                                Function 07757B48 Relevance: .1, Instructions: 101COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6d834cd486eba34fc618fcfe77f8ecf90c2b62d06af4078980cc3831673e2302
                                                                                                                                                                                • Instruction ID: dba2c8ab444dd2a70de16695a9ef16741d22e8c959ec061b3f2adba0ce82f494
                                                                                                                                                                                • Opcode Fuzzy Hash: 6d834cd486eba34fc618fcfe77f8ecf90c2b62d06af4078980cc3831673e2302
                                                                                                                                                                                • Instruction Fuzzy Hash: 1231BEF0B002458FDB18CF79C894EAAB7F6EF89294F20495CD546AB754EB70AC44CB90
                                                                                                                                                                                Function 07E100FF Relevance: .1, Instructions: 100COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 238abc26b3e5be37eddae9c48293a713ca820d3ca5738889763c024ad0cca70a
                                                                                                                                                                                • Instruction ID: 95da33311fedcb8591d1f8c05779f10afab0807e2d79db3542dc624f4096ea2b
                                                                                                                                                                                • Opcode Fuzzy Hash: 238abc26b3e5be37eddae9c48293a713ca820d3ca5738889763c024ad0cca70a
                                                                                                                                                                                • Instruction Fuzzy Hash: C5414879A11108CFCB15DBA8C5858DDFBF6EF8C224B198069D905AB715CA35EC82CFA1
                                                                                                                                                                                Function 07757B58 Relevance: .1, Instructions: 100COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7f2a44fd4c34a9aa94e2cc84febe3b5977fb7135a9aa908c1024f79830877b52
                                                                                                                                                                                • Instruction ID: 14a86211c24c55b10ef989829783c1991627d4ca0b6d28a060cb8ef85657ff7a
                                                                                                                                                                                • Opcode Fuzzy Hash: 7f2a44fd4c34a9aa94e2cc84febe3b5977fb7135a9aa908c1024f79830877b52
                                                                                                                                                                                • Instruction Fuzzy Hash: E8318DF07002059FDB18CF69C885EAAB7F6AF89354F20885CD546AB754DB70EC45CB90
                                                                                                                                                                                Function 07DD001F Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c4ded8c7a7a6107f81e682f6b8e9d52a952cd8642b3ec6dfad66285ae5518897
                                                                                                                                                                                • Instruction ID: 2f99df4f773e683d7ae886616567a12c3ddad131ac977fecaf7671191c2869cb
                                                                                                                                                                                • Opcode Fuzzy Hash: c4ded8c7a7a6107f81e682f6b8e9d52a952cd8642b3ec6dfad66285ae5518897
                                                                                                                                                                                • Instruction Fuzzy Hash: 1531A2719093869FCB028B78D8545EABFF0EF4A214F1581E7D484D7653D7344A09CBA1
                                                                                                                                                                                Function 07D9C7E1 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9918725affcd77234841c04d5a18ea2f5476b2492f11a40b7a9ac968fad5d99d
                                                                                                                                                                                • Instruction ID: 8b24e05ef05d4e99f4c138d94ce5342abf60506f1fe68086c4e4767bbdd42bbb
                                                                                                                                                                                • Opcode Fuzzy Hash: 9918725affcd77234841c04d5a18ea2f5476b2492f11a40b7a9ac968fad5d99d
                                                                                                                                                                                • Instruction Fuzzy Hash: 2E317E747103029FCB159B35C4446A6F7A6EFC9254B24893DE94ACB754EF30EC46CBA0
                                                                                                                                                                                Function 077532C0 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5289fd428738a9a0c6e0281d2eb00ddd0a475f59ea24ddc1d42cc3f273d37c4b
                                                                                                                                                                                • Instruction ID: 928fa74ad1efa324e55d71dc2ccf0b7a723452b65648b4740f6169427e1d764d
                                                                                                                                                                                • Opcode Fuzzy Hash: 5289fd428738a9a0c6e0281d2eb00ddd0a475f59ea24ddc1d42cc3f273d37c4b
                                                                                                                                                                                • Instruction Fuzzy Hash: F441B075200606DFCB21CF69C984D59BBF6FF49354709C9A9E8998B261D730F854CF90
                                                                                                                                                                                Function 07754268 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 97c840939c02afff01f31dcdc53d7bce9c50a6487702030bd53859635c2bf8c8
                                                                                                                                                                                • Instruction ID: 172f494479baca17ffd6af1dfb1224a97e5cbf0e8eab7d7605e5e9fab5a7f1b4
                                                                                                                                                                                • Opcode Fuzzy Hash: 97c840939c02afff01f31dcdc53d7bce9c50a6487702030bd53859635c2bf8c8
                                                                                                                                                                                • Instruction Fuzzy Hash: A231F5747002459FDB218F15D488AAF7BB6FF89290F148428F806CB364CB74ED86CB90
                                                                                                                                                                                Function 07DDFBC8 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d54baae23368b01e18c98da1f75f0c3010515bc4bf9f1704e70b908fd30c9595
                                                                                                                                                                                • Instruction ID: e7271798adb48bfcafff27fde0bb44f567673e9293dfb8fa881ff7b7be0aaee9
                                                                                                                                                                                • Opcode Fuzzy Hash: d54baae23368b01e18c98da1f75f0c3010515bc4bf9f1704e70b908fd30c9595
                                                                                                                                                                                • Instruction Fuzzy Hash: B321D5B53106069FDF159F39C8906AEBBA2EFC4314B14482AEC26CB395DB35CE158B61
                                                                                                                                                                                Function 07D9CBA0 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fc5f5b28f15f091462483dab1adec8a980cc51dd29e99910fcc5fa56c3bc21f4
                                                                                                                                                                                • Instruction ID: a3afaff801dcf6ef56221b8997efee21f54a0b30b5198436fa1392568a45ff73
                                                                                                                                                                                • Opcode Fuzzy Hash: fc5f5b28f15f091462483dab1adec8a980cc51dd29e99910fcc5fa56c3bc21f4
                                                                                                                                                                                • Instruction Fuzzy Hash: FB310631B04250AFCB05AB78D4245EDBFF6EF8A31472480AAE545DB761CF358D06CBA5
                                                                                                                                                                                Function 07DD28C9 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 156fe7ef9d25b75e2adc059326d7e36abfd39ae7606f18c0b1c538ea7d90f362
                                                                                                                                                                                • Instruction ID: 28fe450af36ebb0899a586d9a339c64ff24d2da8d13e40d4fd2e2edb5b16a16c
                                                                                                                                                                                • Opcode Fuzzy Hash: 156fe7ef9d25b75e2adc059326d7e36abfd39ae7606f18c0b1c538ea7d90f362
                                                                                                                                                                                • Instruction Fuzzy Hash: CC3107B1A00209EFCF15DF98C884ADDBBB6FF49314F144069E905A7364DB36AD45CB90
                                                                                                                                                                                Function 07E15CF8 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ca3150854419098038273a4b084499be9ff26e0e014f81cdc551baee6e6252ae
                                                                                                                                                                                • Instruction ID: c5f1b6e1b0913a00885beadc63f1a527d56f24f57a9530200d69514c14519a1f
                                                                                                                                                                                • Opcode Fuzzy Hash: ca3150854419098038273a4b084499be9ff26e0e014f81cdc551baee6e6252ae
                                                                                                                                                                                • Instruction Fuzzy Hash: E0315C70B002059BDB149B69C85ABEEBAF2AFC9714F249429E512EB390CBB44C55CB91
                                                                                                                                                                                Function 07770D28 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219462517.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7770000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: da21a40d6b8717971e403199a5f8cd04f887aa52aeeda93ab689d9039838bb4d
                                                                                                                                                                                • Instruction ID: 0de71407ecf2f56db15c400fde4da6e7a9fdb076a91565bb952aea8c5c4f5e9a
                                                                                                                                                                                • Opcode Fuzzy Hash: da21a40d6b8717971e403199a5f8cd04f887aa52aeeda93ab689d9039838bb4d
                                                                                                                                                                                • Instruction Fuzzy Hash: C031A6B4A043499FCF05DFA5C8549AEBBB2FF8A250B1041AAD811A7392D7319D11CB61
                                                                                                                                                                                Function 07DFDBB0 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b1e48de7b5acb57f658121dd70a389c031e99a9095fcdd96128cabd60591cb27
                                                                                                                                                                                • Instruction ID: d51764156fd3f72246b6feb4cf2679e642a03545a78c106260b6a9b10e994820
                                                                                                                                                                                • Opcode Fuzzy Hash: b1e48de7b5acb57f658121dd70a389c031e99a9095fcdd96128cabd60591cb27
                                                                                                                                                                                • Instruction Fuzzy Hash: 1021F8B6704259EFCB05CF59D81089AFBBAFB882207028067FA5587251C772E811CBE1
                                                                                                                                                                                Function 07DFF2F0 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 772efc9e93b0effedc1d7b3e3f7e43376ee6dafb6fbdd7007defbb836acb62a6
                                                                                                                                                                                • Instruction ID: edc08ee5bad55f9e25b2a9002c5154ffa56dc31360564d74e0b0d6e6bcf4779b
                                                                                                                                                                                • Opcode Fuzzy Hash: 772efc9e93b0effedc1d7b3e3f7e43376ee6dafb6fbdd7007defbb836acb62a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 1321C476700215EBCB159F99984089EFBAAFF88361716802BEA1593310CB31E812CBA5
                                                                                                                                                                                Function 07D9C8E9 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1c6743b76531e65b21e7e581f6ed1ad5e31d8aa1ff0babc1d0c62bb104ef1b77
                                                                                                                                                                                • Instruction ID: 65503c0f27cc0e360fdd67fc994169e97174738026d29ef0134483ec133acb2c
                                                                                                                                                                                • Opcode Fuzzy Hash: 1c6743b76531e65b21e7e581f6ed1ad5e31d8aa1ff0babc1d0c62bb104ef1b77
                                                                                                                                                                                • Instruction Fuzzy Hash: 3D312D74A00205DFCB04DF69D4949E9BBF6FF89214B2480AAE906EB361DB319D16CB60
                                                                                                                                                                                Function 07DDFA78 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 683d9a22b691656ff0cf8a21fbe1a1041b7efd5936da0fbdbcd84fa33c641aca
                                                                                                                                                                                • Instruction ID: 5a8fa2148980db1e4ea97bd448bb74e095f6bfbdfefe75ec7f4648c81e362d4a
                                                                                                                                                                                • Opcode Fuzzy Hash: 683d9a22b691656ff0cf8a21fbe1a1041b7efd5936da0fbdbcd84fa33c641aca
                                                                                                                                                                                • Instruction Fuzzy Hash: A8314D76E002149FCB19CFA5E4549DEFFF2EF8C220B198065E816A7320DB309C44CBA1
                                                                                                                                                                                Function 07DDA528 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 00d00525d9b1755e42758043c0591b820abce56511937b6969362308c989aa1e
                                                                                                                                                                                • Instruction ID: ab7ebda355b5c528e47753de189c126cbc8c7e7c63fb0eef3bd6241a9eec4651
                                                                                                                                                                                • Opcode Fuzzy Hash: 00d00525d9b1755e42758043c0591b820abce56511937b6969362308c989aa1e
                                                                                                                                                                                • Instruction Fuzzy Hash: 3631D675A00515CFCB05EFA8D8888ADFBF2EB8D220B15C169E806BB354DB35AC41CF90
                                                                                                                                                                                Function 07D939C0 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d15dd21704870253f0acad626175f09eba5814a7e6370b6bc226d9c560c61ba8
                                                                                                                                                                                • Instruction ID: 275c3540f5d76ce24eb2fb3a66398e399820ca23b39adaba18b5e86b4c843182
                                                                                                                                                                                • Opcode Fuzzy Hash: d15dd21704870253f0acad626175f09eba5814a7e6370b6bc226d9c560c61ba8
                                                                                                                                                                                • Instruction Fuzzy Hash: C431B474B00251CFCB09DB64C8899EEFBB2FF89310B548569E9059B396DB31DC51CBA1
                                                                                                                                                                                Function 07750AB9 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1cc7c0a52f42416fd64d29646591ee52cb107739599f0b7eb45f20de087007de
                                                                                                                                                                                • Instruction ID: 87928aba497ccd08030f1ac1597392f24edfa52bf43ad9359629fab1ce1490e3
                                                                                                                                                                                • Opcode Fuzzy Hash: 1cc7c0a52f42416fd64d29646591ee52cb107739599f0b7eb45f20de087007de
                                                                                                                                                                                • Instruction Fuzzy Hash: 3F312B71E102199FCB54CFA9C880A9EBBF1BF49354F148829E805EB311D7B1A842CB91
                                                                                                                                                                                Function 07E15CE8 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d871cff7e139d1b9b38db3f1d989dff9b6cdb1c0f223270cee8c8f4d9abeb684
                                                                                                                                                                                • Instruction ID: a928b22e745e2f42311735a3057af05867bb2bb21324c8e56b6cd9b0c8406417
                                                                                                                                                                                • Opcode Fuzzy Hash: d871cff7e139d1b9b38db3f1d989dff9b6cdb1c0f223270cee8c8f4d9abeb684
                                                                                                                                                                                • Instruction Fuzzy Hash: A421EF74B002049BDB149B79C86ABEE7AE2AFC9718F24502DD512AB380DFB48C55CB91
                                                                                                                                                                                Function 07E13C60 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 36ae8f301b1a963e8e12effadb955d8a79dd7f50e7fbae86cfe866f02e0d8ce7
                                                                                                                                                                                • Instruction ID: dcb11368cfccda2eed855ee6ce550b7cbfda5f300efa8139191f8b7ac1371589
                                                                                                                                                                                • Opcode Fuzzy Hash: 36ae8f301b1a963e8e12effadb955d8a79dd7f50e7fbae86cfe866f02e0d8ce7
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A210B719105589FDB16CF64C449BD6BBB6FF49304F058464FD456F290C7B26C89CB90
                                                                                                                                                                                Function 07D96380 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 749baf934460ce6b0a2d4894dba95fea84c83503c553e4a91191bb60c2825761
                                                                                                                                                                                • Instruction ID: c0c56b4e8a219f78fc7d3a7af15c5531039776e4e7eac86fadd2e17ae95aa91f
                                                                                                                                                                                • Opcode Fuzzy Hash: 749baf934460ce6b0a2d4894dba95fea84c83503c553e4a91191bb60c2825761
                                                                                                                                                                                • Instruction Fuzzy Hash: EF21B270705321CFCB159B74D068A59BBF6EF85210F1880AAE40ACB792DB35DC46CB91
                                                                                                                                                                                Function 07DD5F10 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e3507fb62e5a857ff389143c72ea1e03a9e01a21d8f2876c2bc80c9de46dd58f
                                                                                                                                                                                • Instruction ID: 3870172b071ca1f663ef34cc0b55baf8a03a44d0401a022ca63f7c9462de42ad
                                                                                                                                                                                • Opcode Fuzzy Hash: e3507fb62e5a857ff389143c72ea1e03a9e01a21d8f2876c2bc80c9de46dd58f
                                                                                                                                                                                • Instruction Fuzzy Hash: B2311874B00215CFC704DF68D5889AEBBF6FF89205B2140A9E406EB761CB71EC44CBA2
                                                                                                                                                                                Function 07D90B29 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: adbfd84990f77ad0cf195ba36f942fb68d30d859ecd251f314e2a102d1fbd926
                                                                                                                                                                                • Instruction ID: abfe8bd641dadc8744bbdefc24c2eaaa922e55ea9026b3de8188ccf259db5e79
                                                                                                                                                                                • Opcode Fuzzy Hash: adbfd84990f77ad0cf195ba36f942fb68d30d859ecd251f314e2a102d1fbd926
                                                                                                                                                                                • Instruction Fuzzy Hash: 9821A270B002059FCF05EBA499916EEB7B2AF88204F14A12DD306AF681DF31D856D791
                                                                                                                                                                                Function 07DDA523 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2dc3a519c5c3046163c94dc18615740e2783ec00276ebeae94c2052eb18f2744
                                                                                                                                                                                • Instruction ID: bb86164345aa5bfdff6ff86ae57f7689752b2ef24b667878d5978b005d0f2c45
                                                                                                                                                                                • Opcode Fuzzy Hash: 2dc3a519c5c3046163c94dc18615740e2783ec00276ebeae94c2052eb18f2744
                                                                                                                                                                                • Instruction Fuzzy Hash: 2131C575A00515CFCB05EFA8D9888ADFBF2FB8D221B15C169E805AB350DB35AC41CF90
                                                                                                                                                                                Function 07DDFA88 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c3a30561a888a22fca2655d027605518089106a4a96bdb0b6482118e10dea11c
                                                                                                                                                                                • Instruction ID: b993248368922dcd0c817124391372f7fff507842213409859e3b92a740d4f56
                                                                                                                                                                                • Opcode Fuzzy Hash: c3a30561a888a22fca2655d027605518089106a4a96bdb0b6482118e10dea11c
                                                                                                                                                                                • Instruction Fuzzy Hash: 00212C76E112149FCB19CFA9D45499EFBF2EF8C320B199069E816A7360DB30DC41CBA1
                                                                                                                                                                                Function 07D9DDA1 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: de66c7814c071e013c03bd48d1391ca0d06a81cfa7c0685811e30f0d989d20dc
                                                                                                                                                                                • Instruction ID: 18a21f325caedcf6776f332d5b0ba288ce07ea5e7d70ea00b796d5b961a58108
                                                                                                                                                                                • Opcode Fuzzy Hash: de66c7814c071e013c03bd48d1391ca0d06a81cfa7c0685811e30f0d989d20dc
                                                                                                                                                                                • Instruction Fuzzy Hash: 9921AF75B04068DBCF054EA8A4454EDF7F7AB8E360B144529E80AE3344EB349D02CB91
                                                                                                                                                                                Function 07E13C50 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c57a8ddc3b89bf96415bb62c84b28d44f0f27d080f6b9571f36d9eed54b55408
                                                                                                                                                                                • Instruction ID: 53f5d171fb6bf94bbe7435c3c0342b16551976114a9e94572270634a3cfd059b
                                                                                                                                                                                • Opcode Fuzzy Hash: c57a8ddc3b89bf96415bb62c84b28d44f0f27d080f6b9571f36d9eed54b55408
                                                                                                                                                                                • Instruction Fuzzy Hash: E1218BB2A111489FDF12CF64D4057DABB76FF4A314F018066FA45AF291C3B29989CBD0
                                                                                                                                                                                Function 07DD5F20 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e824c2c3af134e56f6ef716aac4e3c28219ec84fb628250e1284d7d74b248590
                                                                                                                                                                                • Instruction ID: 0e89fa2c169f935f6479e5ac73bec0d1d1d325b85d4f24fc1167b14ddd7f2c0b
                                                                                                                                                                                • Opcode Fuzzy Hash: e824c2c3af134e56f6ef716aac4e3c28219ec84fb628250e1284d7d74b248590
                                                                                                                                                                                • Instruction Fuzzy Hash: 6131E674B10115CFC704DF68D5889AEB7F6FF89215B2140A9E406EB761CB71EC45CBA2
                                                                                                                                                                                Function 07DFECB8 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 89f402b3b6e3ff5f4c9346059660113a7863c07c5944e88216c51d9f46855487
                                                                                                                                                                                • Instruction ID: 6dac4f898146cfa9e862578cc88f1295e9c6ebb930196871a89375e3b72c7e43
                                                                                                                                                                                • Opcode Fuzzy Hash: 89f402b3b6e3ff5f4c9346059660113a7863c07c5944e88216c51d9f46855487
                                                                                                                                                                                • Instruction Fuzzy Hash: 7221EBB5700216DBE728966DD80076AF3E6EBC0225F2DC13BD209C7BA4CF35D8468791
                                                                                                                                                                                Function 07DD44F0 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5bdd31b508979689fb7647629b297d2421660b75ffffcdb46be96a9830e6f671
                                                                                                                                                                                • Instruction ID: 833a8bd6cd3ccb361cb9a5ddcbf2a19f2696145961d866ddf93a2d7ede6c959e
                                                                                                                                                                                • Opcode Fuzzy Hash: 5bdd31b508979689fb7647629b297d2421660b75ffffcdb46be96a9830e6f671
                                                                                                                                                                                • Instruction Fuzzy Hash: A5318DB5A0020ADFCF05DFA4D949BEE7BB2FF48305F104429F9069B250CB759959CBA1
                                                                                                                                                                                Function 07D9C8F8 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 797a5f47c18b2db70b3b11a0fb4ad32c7671cd4393fadc0255b0914c1bfc2c19
                                                                                                                                                                                • Instruction ID: cad393e1537fe21bbecc18e3ab8b626e7dbd45fe0095c4114ac65409f6a8b7ab
                                                                                                                                                                                • Opcode Fuzzy Hash: 797a5f47c18b2db70b3b11a0fb4ad32c7671cd4393fadc0255b0914c1bfc2c19
                                                                                                                                                                                • Instruction Fuzzy Hash: 5131FB74A001059FCB04DF69C4948E9BBF6FF9920572480ADE906AB761DB71ED06CBA0
                                                                                                                                                                                Function 07D90B38 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: bc4ce99d524d7417795e05d4ec3f00caabb5e56d8c15ee4999a93497e5419adc
                                                                                                                                                                                • Instruction ID: c87e96493a6f1dfd0be549ff84526c138cea7f8ddf24ef9546bc7d81a0c71298
                                                                                                                                                                                • Opcode Fuzzy Hash: bc4ce99d524d7417795e05d4ec3f00caabb5e56d8c15ee4999a93497e5419adc
                                                                                                                                                                                • Instruction Fuzzy Hash: 07216270B006099BDF04EBE588D17BEB7A6AF88204F54A12CD3066F781DF71D856D7A2
                                                                                                                                                                                Function 07DF1B89 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 633432cdc443441fccd1adc82810c99bf4d69d8d5c516202fbbf5ce071d353f4
                                                                                                                                                                                • Instruction ID: 900a2aad75b40da127f6c88d614061c64e2145aa85cecd0ca9d66b87fe418054
                                                                                                                                                                                • Opcode Fuzzy Hash: 633432cdc443441fccd1adc82810c99bf4d69d8d5c516202fbbf5ce071d353f4
                                                                                                                                                                                • Instruction Fuzzy Hash: 2E21C375605288DFCB12DFA9D840A99BFB0EB4A315B1581DBE64CCB352E6368C13C791
                                                                                                                                                                                Function 07E12CA8 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d011e64e84b417e24cc65bb0659aff02b77c9ddac997c8f8c514bc40058417ca
                                                                                                                                                                                • Instruction ID: 360eff50c5b60016f950b56365b032d95cf49023ed2999b8fe7633aad3fc2625
                                                                                                                                                                                • Opcode Fuzzy Hash: d011e64e84b417e24cc65bb0659aff02b77c9ddac997c8f8c514bc40058417ca
                                                                                                                                                                                • Instruction Fuzzy Hash: AA11B476B005108BCB249B28D8197E977E9FF89325F15407AEB09D7750CA715C49CBD1
                                                                                                                                                                                Function 07DFDB38 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8c0926321ac61c9017a32cd1e8dcf32c11f9fdbedb6c99d11aa905026f4a7d64
                                                                                                                                                                                • Instruction ID: d551fe0f36e33aba46f3ef49f22b5fbcff887b1ea39a2e69014d97e8c99ca7fb
                                                                                                                                                                                • Opcode Fuzzy Hash: 8c0926321ac61c9017a32cd1e8dcf32c11f9fdbedb6c99d11aa905026f4a7d64
                                                                                                                                                                                • Instruction Fuzzy Hash: FF210271301240EFC7269F79E42499A7FB7FB8A60271640AAE646C7751CB39DC43CB91
                                                                                                                                                                                Function 07DF1040 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b12fe4f014221222f4e5f1ff9bb21f1d8c6c8f04663ece4979d7f94b07248975
                                                                                                                                                                                • Instruction ID: d9ea8010c7ec42e1321d25fe9aebf9b25cd6b9e6bdc0e7aa68d88a89172769ff
                                                                                                                                                                                • Opcode Fuzzy Hash: b12fe4f014221222f4e5f1ff9bb21f1d8c6c8f04663ece4979d7f94b07248975
                                                                                                                                                                                • Instruction Fuzzy Hash: 7F21D075B0021ADFCB06ABA4D9495EEBBB6EF88210B04402AEA05DB351DF31C905DBA1
                                                                                                                                                                                Function 07DD0070 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1815a968150f6256eaa779e9c09c141e4cab474c91075ef7353617194fc4da8e
                                                                                                                                                                                • Instruction ID: 64f44a97e02718e7fe78572fc1658d79b32c88cc16ddc9f57a37d2be5714835c
                                                                                                                                                                                • Opcode Fuzzy Hash: 1815a968150f6256eaa779e9c09c141e4cab474c91075ef7353617194fc4da8e
                                                                                                                                                                                • Instruction Fuzzy Hash: 8E210775E04249EFDB41CFA8C8446EEFBF1EF89200F148069E548E7251D7759A05CBA1
                                                                                                                                                                                Function 07D94EA0 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 163ab5c2625d8aaedcf87c2ca732d10dd20e1f53e2a4eaf4121af8d31c4cda94
                                                                                                                                                                                • Instruction ID: 66d8ae4e00ba1e4f35f0de9bd9a4f8eb1b71cabfb6bca5f29fe14ef96a377d6d
                                                                                                                                                                                • Opcode Fuzzy Hash: 163ab5c2625d8aaedcf87c2ca732d10dd20e1f53e2a4eaf4121af8d31c4cda94
                                                                                                                                                                                • Instruction Fuzzy Hash: 2E2180B5300295CFDB149F29D888AABBBE5FF89210F048469F916C7392DB34DC05CB20
                                                                                                                                                                                Function 07D98500 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: be8e9ef9542bc3eee0ff039cbd17570e2e48b76db1d9ad6f16e0f1ed503c7c06
                                                                                                                                                                                • Instruction ID: 76cbcb52273b88b2364b6912d7e713a6f3ef3e4ddc3429fea374599b28a21e55
                                                                                                                                                                                • Opcode Fuzzy Hash: be8e9ef9542bc3eee0ff039cbd17570e2e48b76db1d9ad6f16e0f1ed503c7c06
                                                                                                                                                                                • Instruction Fuzzy Hash: 8B21D4B1B00311EFCF109B69C8886AAFBE5AF86720F08847DD556D7392CA74DC45DB91
                                                                                                                                                                                Function 07D96BC0 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 513a8f95e098fa531a9a9874ba5025db60971919da5efe4a78ca1367d230370c
                                                                                                                                                                                • Instruction ID: 46bafc8394136dccca2d7db2648507045ebc6702a9d699baadb21832557a359f
                                                                                                                                                                                • Opcode Fuzzy Hash: 513a8f95e098fa531a9a9874ba5025db60971919da5efe4a78ca1367d230370c
                                                                                                                                                                                • Instruction Fuzzy Hash: B9217C70A00218CFDB14DBB5D5546AEBBF6EB88218F104439E805E7784EF75DC46CBA0
                                                                                                                                                                                Function 07D97C81 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b734eb3f33dba2d3d05b399b067dedc999f1613af2f2a8ac018e8e76223b83e9
                                                                                                                                                                                • Instruction ID: 731357462f076e0fe372dc5f6f7d7bd7f7fb13761eeeec7ce4b3dbad956c045f
                                                                                                                                                                                • Opcode Fuzzy Hash: b734eb3f33dba2d3d05b399b067dedc999f1613af2f2a8ac018e8e76223b83e9
                                                                                                                                                                                • Instruction Fuzzy Hash: 6121B334200601CFCB14EB66C4998AEF7F6EFC4224764456DD14AABB65DF70ED09CB92
                                                                                                                                                                                Function 0775BF50 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 31f6c8d421b183ac7e0c31f568e21c8b95f7b13d3e2a48bde916cfdd5d188681
                                                                                                                                                                                • Instruction ID: 699ce278c51e6cbc2f2bcb827968fabd8599fca872412be3ff5a9496d6d85f66
                                                                                                                                                                                • Opcode Fuzzy Hash: 31f6c8d421b183ac7e0c31f568e21c8b95f7b13d3e2a48bde916cfdd5d188681
                                                                                                                                                                                • Instruction Fuzzy Hash: 741136F47043124BD70AA728AC002BE77E7ABC5298B11452ADD049B788DF78CC0A87A1
                                                                                                                                                                                Function 07D9F389 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: cee3b294ddf4a190b5bec5b1ed0bdbe952b3211422fa78aef81d9c80353e7d84
                                                                                                                                                                                • Instruction ID: f250998daa2d969ccb5f3e1fc54044982cb6f39e31fa373f7dca81553a131916
                                                                                                                                                                                • Opcode Fuzzy Hash: cee3b294ddf4a190b5bec5b1ed0bdbe952b3211422fa78aef81d9c80353e7d84
                                                                                                                                                                                • Instruction Fuzzy Hash: 3E21F470A00205CFCB54CFA9C984A9AFBF5FF48324B25C6AAE459E7221D731E945CF90
                                                                                                                                                                                Function 0775F620 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d5b9da044f9ee3f2390a797964481d451d7cfabc00e94396bb0c95b69cf7a28c
                                                                                                                                                                                • Instruction ID: 70ce42138ca6a97ec2f2319d3f89dcef134d74d6244f87b8ac262ce9831ee834
                                                                                                                                                                                • Opcode Fuzzy Hash: d5b9da044f9ee3f2390a797964481d451d7cfabc00e94396bb0c95b69cf7a28c
                                                                                                                                                                                • Instruction Fuzzy Hash: 1C21D135B006298FCF02DB64D448CEDBFB7FF89204B04809AE5059B321DB748915CB91
                                                                                                                                                                                Function 07DDADB0 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 81b762c35a2cfd69793199a9d975911f36f18cb2af6308b6d79eda29a890b721
                                                                                                                                                                                • Instruction ID: 476eec89464eaef5e88fea0fd6c620ec5b10ac79fa647ff973b9d368d1b114d0
                                                                                                                                                                                • Opcode Fuzzy Hash: 81b762c35a2cfd69793199a9d975911f36f18cb2af6308b6d79eda29a890b721
                                                                                                                                                                                • Instruction Fuzzy Hash: 0121CD716002669FC701DBA8C8449AAFBF5FF89224B10C279E419CB7A1DB30AC45CBE1
                                                                                                                                                                                Function 07DF0F1F Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b1f9e7dbba9adec3b10e114fd882ed9fbd284e1d5f3b58ef461e8e3e3c44391a
                                                                                                                                                                                • Instruction ID: 9a84ea3cf23f34ada3a7ff41db0c56bfb300f5211ec106c5a5877a977442371b
                                                                                                                                                                                • Opcode Fuzzy Hash: b1f9e7dbba9adec3b10e114fd882ed9fbd284e1d5f3b58ef461e8e3e3c44391a
                                                                                                                                                                                • Instruction Fuzzy Hash: E2217930700205DFCB14DF69C889EAABBE6AF48304F2144A9E606EB761DB72AC44CB51
                                                                                                                                                                                Function 07D92858 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9b5695e6822db890000e12c12c79dfc96217a44ffce722a272537fc747fdf111
                                                                                                                                                                                • Instruction ID: bb0ca85c08cc0309a03f8d18bfb70d817ad5608ecf56b5314d075d40ed33a470
                                                                                                                                                                                • Opcode Fuzzy Hash: 9b5695e6822db890000e12c12c79dfc96217a44ffce722a272537fc747fdf111
                                                                                                                                                                                • Instruction Fuzzy Hash: CA110330204395DFCB156B78E15C2D9BBB9FF46314F1444AAD046CBAA2DF34AC59C791
                                                                                                                                                                                Function 07DF0F20 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e9fcf575509b6c83a88a604b3d0d2655d16b17d768b563d162ee9d41d046880c
                                                                                                                                                                                • Instruction ID: 1db974d3422220746da48b8beda470e2ac9f3892c510ab600c1ca3362b3c8a84
                                                                                                                                                                                • Opcode Fuzzy Hash: e9fcf575509b6c83a88a604b3d0d2655d16b17d768b563d162ee9d41d046880c
                                                                                                                                                                                • Instruction Fuzzy Hash: E0217930700205DFCB14DF69C888EAABBE6AF48304F2144A9E606EB761DB72AC04CB51
                                                                                                                                                                                Function 07DFFF27 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1dfb99f388bb7ff2eaac5c46a40c06b57abbb5f6f577c0a23bbdfc1009516440
                                                                                                                                                                                • Instruction ID: 33643bacc89694de61735ebd129bac0da2bfe532c886533b8e1c4ccbe7ed5584
                                                                                                                                                                                • Opcode Fuzzy Hash: 1dfb99f388bb7ff2eaac5c46a40c06b57abbb5f6f577c0a23bbdfc1009516440
                                                                                                                                                                                • Instruction Fuzzy Hash: 7E213575A002098FDB14DFA8C595ADEBBF1EF49324F2140A9E505BB341CB36ED4ACB90
                                                                                                                                                                                Function 07DFDA91 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ea7d41cd9fd66970440d34d8b98aa8b85251381fa5b701a5c19a8098d244b244
                                                                                                                                                                                • Instruction ID: c26e2b653c034aca89187e312256fbd8bb291e861e77d8f4fe2b355286de1cf4
                                                                                                                                                                                • Opcode Fuzzy Hash: ea7d41cd9fd66970440d34d8b98aa8b85251381fa5b701a5c19a8098d244b244
                                                                                                                                                                                • Instruction Fuzzy Hash: DE113434709200CFCB19EFB996644DCBFF2EF4A20172640AAE542CB755DA34DC82C792
                                                                                                                                                                                Function 07D9B589 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6f253eed4b75e306e79088a428bfb7ddaadaed717556130e0ec222187842ea54
                                                                                                                                                                                • Instruction ID: 9be3e2e3b4aa8a914f79410622875362332b25216dc0fcb97d370d68b7383faa
                                                                                                                                                                                • Opcode Fuzzy Hash: 6f253eed4b75e306e79088a428bfb7ddaadaed717556130e0ec222187842ea54
                                                                                                                                                                                • Instruction Fuzzy Hash: A11129717002206FEB08BA6A9C95BBE76D7EFC8620FA4843EE605DB780DE71CC018755
                                                                                                                                                                                Function 07DDA421 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 19055f546a811c404f96174eef76294a6df1d7c04671849da8a021a448709c1d
                                                                                                                                                                                • Instruction ID: 7cd0fd7bea377536e92b1eab14d52946098b9653ee595be152e545411b3c2209
                                                                                                                                                                                • Opcode Fuzzy Hash: 19055f546a811c404f96174eef76294a6df1d7c04671849da8a021a448709c1d
                                                                                                                                                                                • Instruction Fuzzy Hash: B3213775A002098FCB10DF98C589ADDBBF1EF88324F2185A8E509BB750DB32AD45CF90
                                                                                                                                                                                Function 07DD4890 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 78ce093b58cd4877590ad446bc9aca324daf6ac6d901176ee816845b98bc205b
                                                                                                                                                                                • Instruction ID: 3101a08e3e8442f057274b5b46ddc2f8cb531eaaea9d4cecda535e5d0a64663a
                                                                                                                                                                                • Opcode Fuzzy Hash: 78ce093b58cd4877590ad446bc9aca324daf6ac6d901176ee816845b98bc205b
                                                                                                                                                                                • Instruction Fuzzy Hash: 9E216A71B002498FCB14DFA9C485AEEB7F2EF88214F2005ACE505BB790DB719E45CBA0
                                                                                                                                                                                Function 07DFADE8 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7aeb6f52299b4f8f638468f0e705705894646dfbd29c8ec4e6b499ff888fa9ee
                                                                                                                                                                                • Instruction ID: 1d27f98e027e37ffc28bcfa43de3f8dcb391cdd13133959fe32ca2b86068104f
                                                                                                                                                                                • Opcode Fuzzy Hash: 7aeb6f52299b4f8f638468f0e705705894646dfbd29c8ec4e6b499ff888fa9ee
                                                                                                                                                                                • Instruction Fuzzy Hash: E2216875A00209CFCB10DFA8C645ADDBBF1EB8C214F2141A9E509BB791DB32AD46CF90
                                                                                                                                                                                Function 07D901C0 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d1c61810b1025cf20ea53edf3c8c0260ecd61b8b602b2fa6464ceeb55e772e55
                                                                                                                                                                                • Instruction ID: 0a573bffa294aca1638655f980e94b885a105c1e97120a5c38aba71b839fa7f8
                                                                                                                                                                                • Opcode Fuzzy Hash: d1c61810b1025cf20ea53edf3c8c0260ecd61b8b602b2fa6464ceeb55e772e55
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A110474B08351CFCB1A6B38B02916E7BA3EFCA311314886AD51AC7390DF398C42CB91
                                                                                                                                                                                Function 07D9B590 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 46554bfecf96d0f65702a5db43f665543a9a1c74d2709f7d2e95a7ffa5493294
                                                                                                                                                                                • Instruction ID: 2e0038f8f11fefe3303d695822d2b0097b284622f4a19c624f2acd794e46ea56
                                                                                                                                                                                • Opcode Fuzzy Hash: 46554bfecf96d0f65702a5db43f665543a9a1c74d2709f7d2e95a7ffa5493294
                                                                                                                                                                                • Instruction Fuzzy Hash: 5811C6707002206FEB08AA6A9C95BBE76D7ABC8620FA4843EE605DB384DE71CC018755
                                                                                                                                                                                Function 07DDA338 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: da7a4e3bb9d6e6d70a9d7d7e6b6d6f6674d93948e67928614db1f15322b1a689
                                                                                                                                                                                • Instruction ID: fa7955ffb88063e71fb8eb021390d2822ddb205b0925bffa814174e97c554880
                                                                                                                                                                                • Opcode Fuzzy Hash: da7a4e3bb9d6e6d70a9d7d7e6b6d6f6674d93948e67928614db1f15322b1a689
                                                                                                                                                                                • Instruction Fuzzy Hash: ED11BC70B042069FCB18AAB984146AABBEAAF89214B24C4BAE805CB751EE35DC45C751
                                                                                                                                                                                Function 07DDFAE4 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 37aac24364918f5b80298ff82697e30321bd3a886230b9ed054d1cda61435c69
                                                                                                                                                                                • Instruction ID: b007af8dd7819db96b7d47fc84b18fabbe3d1839e080229b22c892a0f7063f84
                                                                                                                                                                                • Opcode Fuzzy Hash: 37aac24364918f5b80298ff82697e30321bd3a886230b9ed054d1cda61435c69
                                                                                                                                                                                • Instruction Fuzzy Hash: 4B21F875B01204DFCB19DFA5E5589ADBFF2AF88221B198064E806A7360DB34DD45CB60
                                                                                                                                                                                Function 07E13D58 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: bd706437f3e038dcf44952385e67cd06244f451d615a45d34ff0be55559d0f49
                                                                                                                                                                                • Instruction ID: ee96f50d246f9117d7683d994e5c793a359a9edc7470551bb69e4b283e7d0baf
                                                                                                                                                                                • Opcode Fuzzy Hash: bd706437f3e038dcf44952385e67cd06244f451d615a45d34ff0be55559d0f49
                                                                                                                                                                                • Instruction Fuzzy Hash: FE119AB1A05308CFCB25CF7AD4496DEBFF5EB8A315F1480AAD005E7251D7348985CBA0
                                                                                                                                                                                Function 07DFFE90 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c0af57289c786b821066a3e3a361cade181e8f4c41bc49881780d27604e5986b
                                                                                                                                                                                • Instruction ID: 8da76d04581e9d47625b654eaf1f81adcdbfd4c51c4774ecad4a204cf64e580e
                                                                                                                                                                                • Opcode Fuzzy Hash: c0af57289c786b821066a3e3a361cade181e8f4c41bc49881780d27604e5986b
                                                                                                                                                                                • Instruction Fuzzy Hash: 3A11E774B002159FCB14DF69D89487EFBBAFF89214715806AE906C7361DB329D06CBA1
                                                                                                                                                                                Function 07DD29E0 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ae8e94bc30723a613f79d88d646e459b11dd83e6b6829cbf1c93d1a68117496f
                                                                                                                                                                                • Instruction ID: 7ae7b63d2e99090f2e94d96bc445af5bf72be592d283e4bce6817fd2d3e90ca0
                                                                                                                                                                                • Opcode Fuzzy Hash: ae8e94bc30723a613f79d88d646e459b11dd83e6b6829cbf1c93d1a68117496f
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F21A976A0011EEFCF05DF95D844CDEBBBAFF88210F044126F515A7260DB35A915DBA1
                                                                                                                                                                                Function 07DD1C71 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e63929bc78194fdb00be56b6a467e10692880e1caa4b845f68fb72c82d4df70c
                                                                                                                                                                                • Instruction ID: fac07b09eaab2e100aa2dc228cb21136fc8f805838043b00bebff79c03d1c337
                                                                                                                                                                                • Opcode Fuzzy Hash: e63929bc78194fdb00be56b6a467e10692880e1caa4b845f68fb72c82d4df70c
                                                                                                                                                                                • Instruction Fuzzy Hash: 6D216AB0A01215DFC709DB38D458669BBF6FF89316B2544AAE446CB761DB36DC41CB80
                                                                                                                                                                                Function 07DD19FE Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4f185aa640a07c5230e304eb5d401ce8abc0e1a7234cb2f80da29661af2bb765
                                                                                                                                                                                • Instruction ID: d40f6fe156997a97ac1d9c5338517fbd5534345dd496bc651a664332d60755cb
                                                                                                                                                                                • Opcode Fuzzy Hash: 4f185aa640a07c5230e304eb5d401ce8abc0e1a7234cb2f80da29661af2bb765
                                                                                                                                                                                • Instruction Fuzzy Hash: F8215B70E00259DFDB08DFA4D8556EDBBB2EF89310F218029E506AB764DF359D46CB41
                                                                                                                                                                                Function 07DDA0A0 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 37bd8f10ad92405f31f6f41f53eaf3017c1b5a0cbb985a6cd55ea1ea7edf7f41
                                                                                                                                                                                • Instruction ID: a265a4cd43d476a0b02ddd79a8fb9865c2d33ee44f4a796a1768895d4c441e61
                                                                                                                                                                                • Opcode Fuzzy Hash: 37bd8f10ad92405f31f6f41f53eaf3017c1b5a0cbb985a6cd55ea1ea7edf7f41
                                                                                                                                                                                • Instruction Fuzzy Hash: E2110870B112518BCF16BBB491190AC7BF6AFC5210B10C5AAD882D7790EF398D49CBA3
                                                                                                                                                                                Function 07E15E58 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d613485efbf08455279238a07b976027f5cfa02f74856e2e615c217ae3a306b5
                                                                                                                                                                                • Instruction ID: 5549de6b92de05e3f6c4858b1cbd680631070e456b76e0f86536fd3bbfd65b9b
                                                                                                                                                                                • Opcode Fuzzy Hash: d613485efbf08455279238a07b976027f5cfa02f74856e2e615c217ae3a306b5
                                                                                                                                                                                • Instruction Fuzzy Hash: 140189B1F092444BCF109679A811AEE7BB5DFCA114F44943FD422E7780DB258829CBE2
                                                                                                                                                                                Function 0775737F Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5b11f5f327983b33d7bd7888f2c283f39b32da36e7e71ece4c8d3eb546759ce4
                                                                                                                                                                                • Instruction ID: cb5fae1a68e5ada6ed158c61f24c213ccc0f6f0393fc8522977968a45003b728
                                                                                                                                                                                • Opcode Fuzzy Hash: 5b11f5f327983b33d7bd7888f2c283f39b32da36e7e71ece4c8d3eb546759ce4
                                                                                                                                                                                • Instruction Fuzzy Hash: 9311C272B10111CF8B29AB7890515BDB3E2AFC92A8725457EDC0ADB750DF71CC4587C2
                                                                                                                                                                                Function 07E12CB8 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f3aea9da2256b2364f8bd3398a39421206ce42f8eca71ef232e8d278c8e42be6
                                                                                                                                                                                • Instruction ID: 0e4047ccce619e3c4460aa360fdc4e920a1e4cb9d60e3b7c0c39e1ce649c3067
                                                                                                                                                                                • Opcode Fuzzy Hash: f3aea9da2256b2364f8bd3398a39421206ce42f8eca71ef232e8d278c8e42be6
                                                                                                                                                                                • Instruction Fuzzy Hash: 76114F31B101159BCB149B78C858AED77F9FF89714F0540BAE906EB760DE71AC098BD1
                                                                                                                                                                                Function 07052BF0 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2218704854.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7050000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: db60f326d93d6e6fcb36d5035cdb1c047e15d986498563ec8ade0fd00251ff38
                                                                                                                                                                                • Instruction ID: cb019097c1e8cd984747d7c2da3476ce4da13d87b05b54499e611883842b3263
                                                                                                                                                                                • Opcode Fuzzy Hash: db60f326d93d6e6fcb36d5035cdb1c047e15d986498563ec8ade0fd00251ff38
                                                                                                                                                                                • Instruction Fuzzy Hash: 7D11FCB5908301AFD340CF19D880A5BFBE4FB88664F04895EF998D7311E231EA058FA2
                                                                                                                                                                                Function 07757A72 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 904b9371b9137036f6f2ba57579ec593a93cca4a2c9a235399d7e6976593dd76
                                                                                                                                                                                • Instruction ID: 6f7970a3255030768d05df125f9d09f77d55b2003534bca840fa4ffc0615627e
                                                                                                                                                                                • Opcode Fuzzy Hash: 904b9371b9137036f6f2ba57579ec593a93cca4a2c9a235399d7e6976593dd76
                                                                                                                                                                                • Instruction Fuzzy Hash: 3B118175600200CFCB18EB68D195AEDB7F2AF88268F144459C806AB761DB75DE49CBE2
                                                                                                                                                                                Function 07DD7DC8 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6e72d09afc7078681feb0c80b105a930da51f5cc19f582c144ac8451bf3c26e0
                                                                                                                                                                                • Instruction ID: 4a9e012c78cd0e4eaee0724b022821c5cd57b8a9098ab6e97e44da1844887aef
                                                                                                                                                                                • Opcode Fuzzy Hash: 6e72d09afc7078681feb0c80b105a930da51f5cc19f582c144ac8451bf3c26e0
                                                                                                                                                                                • Instruction Fuzzy Hash: 95110830A053449FCB066BB99C254CDBFB9DF8A22071480BAE545D7352DF348C55D7A1
                                                                                                                                                                                Function 07DD29E8 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 912500401dd940637e5ed9adfc3859041d129f9805a114d38f8946c5845c261e
                                                                                                                                                                                • Instruction ID: 9d41c78e0a5238ab5e9f9807e3336bca6e04bac1c54eec6697e997b98d55422f
                                                                                                                                                                                • Opcode Fuzzy Hash: 912500401dd940637e5ed9adfc3859041d129f9805a114d38f8946c5845c261e
                                                                                                                                                                                • Instruction Fuzzy Hash: C311B636A0011EEFCF06DF94D844CDEBBBAFF88210F044126F615A7260DB35A925DBA0
                                                                                                                                                                                Function 07D92671 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 511002b2f4548003854dbff3258b4f1c746a28e174ac6fa87365ba4454e97533
                                                                                                                                                                                • Instruction ID: cb96ecd5445444b4a14111890bbb5f61965794d3d2d77d744b102c24b328abf8
                                                                                                                                                                                • Opcode Fuzzy Hash: 511002b2f4548003854dbff3258b4f1c746a28e174ac6fa87365ba4454e97533
                                                                                                                                                                                • Instruction Fuzzy Hash: 3511E072A0020ADFCF219FA8C449AEEBBF2FF8A314F104169D51AA7650CB316845CF81
                                                                                                                                                                                Function 00E00C24 Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2215253993.0000000000E00000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_e00000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7368e5251bb196dbded80b7b1706e84516105d263476ff9988d91729381da2fe
                                                                                                                                                                                • Instruction ID: ffcc2d8c4d881fa3dd8b20197b16991ef6f92a5800370ece3be98b181d0af351
                                                                                                                                                                                • Opcode Fuzzy Hash: 7368e5251bb196dbded80b7b1706e84516105d263476ff9988d91729381da2fe
                                                                                                                                                                                • Instruction Fuzzy Hash: DB118272504200AFD310CE45DD84DA7F7ECEF84624F14C81DF9099B204E332ED068BA2
                                                                                                                                                                                Function 07DF0C49 Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7dbe326f3a27e4ebe25083921deab93af10ec62b89bbf8fc612a0c577a503bbf
                                                                                                                                                                                • Instruction ID: a06ea66808516dbcfba0e8b38ab5911dbf04e406e68dd538d2b38081d887e777
                                                                                                                                                                                • Opcode Fuzzy Hash: 7dbe326f3a27e4ebe25083921deab93af10ec62b89bbf8fc612a0c577a503bbf
                                                                                                                                                                                • Instruction Fuzzy Hash: 8211D036E10119AFCB05DFA9C9448EDBBB6FF8C310F158069EA15BB220D731AD55CBA1
                                                                                                                                                                                Function 07D9620B Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f00422b380887f7fdab145ccea93d55f456135d63ad339d4030048853dda8078
                                                                                                                                                                                • Instruction ID: 3beec7f3a776397a01e577e0d3049b4a43a45a254f3062f378ae565b92496997
                                                                                                                                                                                • Opcode Fuzzy Hash: f00422b380887f7fdab145ccea93d55f456135d63ad339d4030048853dda8078
                                                                                                                                                                                • Instruction Fuzzy Hash: 25116374601605CFCB11DFA5D8948EEF7B2FF892043548529D849ABB59D730ED06CBE1
                                                                                                                                                                                Function 07DD76FF Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fd3a889bf78b26251ea118ea835dec8327ab07530c79f9dc304b9ad6779ad3e6
                                                                                                                                                                                • Instruction ID: 05d3de8bc8e789f2e283560d7ac40bb782a3d5c32ade0afa93f48b23f717c615
                                                                                                                                                                                • Opcode Fuzzy Hash: fd3a889bf78b26251ea118ea835dec8327ab07530c79f9dc304b9ad6779ad3e6
                                                                                                                                                                                • Instruction Fuzzy Hash: 6911A0B5704256EFCB118F56D8948AABFF9FF49320B04485AF896C2311CB75DC10DB60
                                                                                                                                                                                Function 07E12D2C Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3d74e597bada5f139be8c87e4b78efc9f0acef393297d4d08df21c0bc7a22cb6
                                                                                                                                                                                • Instruction ID: 10cc691ceedc45be417e7d880dfa67bec79cc4f45cc2a345578eaa2969c2af72
                                                                                                                                                                                • Opcode Fuzzy Hash: 3d74e597bada5f139be8c87e4b78efc9f0acef393297d4d08df21c0bc7a22cb6
                                                                                                                                                                                • Instruction Fuzzy Hash: F1114634B012108BCB09AB79A1584ED37F2EB88315B24806AE806E77A0DF349C4A8B40
                                                                                                                                                                                Function 07E13E20 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 467b9fd40f71b47b26e83bdbc0ef4eb3bfc2ed217e14ec7b55c6a8de592608ff
                                                                                                                                                                                • Instruction ID: 232ab08d0fc3251b27a371f290ce3596cab7c99929b29f74dcf46ef1f897df17
                                                                                                                                                                                • Opcode Fuzzy Hash: 467b9fd40f71b47b26e83bdbc0ef4eb3bfc2ed217e14ec7b55c6a8de592608ff
                                                                                                                                                                                • Instruction Fuzzy Hash: 651179B0A013068FCB24CF69C14579ABFF6AB49314F14946EC049E7240E371E885CBE0
                                                                                                                                                                                Function 07DF71BE Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5af33d8a3fb2fc4bb2b445418b902c431dfa0277882f39baf0b9f77d8b24db86
                                                                                                                                                                                • Instruction ID: df6a425773f4e297b3355535e04dfc3cc9e3127014b218689c1e04e5fc7bb75d
                                                                                                                                                                                • Opcode Fuzzy Hash: 5af33d8a3fb2fc4bb2b445418b902c431dfa0277882f39baf0b9f77d8b24db86
                                                                                                                                                                                • Instruction Fuzzy Hash: AE115CB1A101059BDB15EBA0E949ADCBBB2FB88325F644468F605AB690CF32DD45CB60
                                                                                                                                                                                Function 07D9CAD8 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3cd41fb68ff3f7e31c5f1dfbae83796fde62b76924e03efe20a32002b970cf1e
                                                                                                                                                                                • Instruction ID: 5fead61b64ad104525a6f62b4c8cec41563040cb4bbc7546186ba3755820f262
                                                                                                                                                                                • Opcode Fuzzy Hash: 3cd41fb68ff3f7e31c5f1dfbae83796fde62b76924e03efe20a32002b970cf1e
                                                                                                                                                                                • Instruction Fuzzy Hash: 9211F671E00209CFDB14DBA8C5586EEBBF2AB8D324F218069D809B7750CB3599458BA4
                                                                                                                                                                                Function 07DF0283 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 125b388435608c29dd90f9a5bb4a1723acc6c15bc0faa80ea86b7780579bea83
                                                                                                                                                                                • Instruction ID: 1095e1be0ddefe92397f4496e7da1398dfabef4dca4b95962e96d5aad64f581c
                                                                                                                                                                                • Opcode Fuzzy Hash: 125b388435608c29dd90f9a5bb4a1723acc6c15bc0faa80ea86b7780579bea83
                                                                                                                                                                                • Instruction Fuzzy Hash: 5611A1B13142029BDB452B29EA447BDBADBE785305F05802AF602C76A5CFA2C8D1D701
                                                                                                                                                                                Function 07DF71E5 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5dbbd93958243d3bcd6a808980c8432f5835750b499d15a210101ec1fcfc076d
                                                                                                                                                                                • Instruction ID: d6dfd158ace14ebe3984774f6ef12402768a9a9d1e64c5ee3820eaf79481c5be
                                                                                                                                                                                • Opcode Fuzzy Hash: 5dbbd93958243d3bcd6a808980c8432f5835750b499d15a210101ec1fcfc076d
                                                                                                                                                                                • Instruction Fuzzy Hash: 7A115970A101059BDB15EBA0E949ADCBBB2FB88325F644468F605AB690CF329D45CB60
                                                                                                                                                                                Function 07DDA5BE Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5628d9ade8eb0f5d867ab5b9152f5a55c91d34cf8624166eaf21b1f26b9b36ba
                                                                                                                                                                                • Instruction ID: 64a90cd5b38c31f9274da762e2de86231361389c0c4e233bdc69cbb854c38fe3
                                                                                                                                                                                • Opcode Fuzzy Hash: 5628d9ade8eb0f5d867ab5b9152f5a55c91d34cf8624166eaf21b1f26b9b36ba
                                                                                                                                                                                • Instruction Fuzzy Hash: A1111475A01605CFCB15EBA4D5888ECF7B2AF89325B24C069D802AB750DB35DC46CB90
                                                                                                                                                                                Function 07DF9F98 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3a568305a43b280bfb93ea0e986def944f9cec151a4f4a2d66b70496a0760123
                                                                                                                                                                                • Instruction ID: 4e8e08766c763e1c0b9d26e086194f45ffd1d498bb23ed78780557e0dd701cfc
                                                                                                                                                                                • Opcode Fuzzy Hash: 3a568305a43b280bfb93ea0e986def944f9cec151a4f4a2d66b70496a0760123
                                                                                                                                                                                • Instruction Fuzzy Hash: 6511A572A0415A9FCF11CFA9D8408EEBFB5FF88260B098116F618C7251D730D612CB90
                                                                                                                                                                                Function 077709C8 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219462517.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7770000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5e5a7030ef088f5cf0cb463763e7621631462e4ca0cb7e1f299d61db0a31546c
                                                                                                                                                                                • Instruction ID: dc13afc6c740583b9bf4285650e2902e00d9dbd6a8022ec9d1756cb6863a5ee2
                                                                                                                                                                                • Opcode Fuzzy Hash: 5e5a7030ef088f5cf0cb463763e7621631462e4ca0cb7e1f299d61db0a31546c
                                                                                                                                                                                • Instruction Fuzzy Hash: 9B112F7060A3D56FCB234B2988156257F75FF47350F0684A7E445C7193CA788C45CBB2
                                                                                                                                                                                Function 07E12E98 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b3a54af0515d0c35b358fb534f76640d3566ab443f1e0e26874caed72d7c1b48
                                                                                                                                                                                • Instruction ID: 52e59a1af7032c7271166ec0448030933d057d610a5687abffbee48ccb7e5925
                                                                                                                                                                                • Opcode Fuzzy Hash: b3a54af0515d0c35b358fb534f76640d3566ab443f1e0e26874caed72d7c1b48
                                                                                                                                                                                • Instruction Fuzzy Hash: B2012B333013108F87126659BC454FA7BAAF7C4231304452BE119C2A01CA268C46C7A1
                                                                                                                                                                                Function 07E10070 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fe888c524eae00279d4d77f2ae10fa52b96b551e21fc8f62359ce2fa13adfe1f
                                                                                                                                                                                • Instruction ID: 2fb12434ee78b3f34f265a65c693ba39c3193510718b68e92e61378306c8c9b5
                                                                                                                                                                                • Opcode Fuzzy Hash: fe888c524eae00279d4d77f2ae10fa52b96b551e21fc8f62359ce2fa13adfe1f
                                                                                                                                                                                • Instruction Fuzzy Hash: C211C071301611CFC3249B2AC455A6BF3E6EFC8719B20886DE44A8BB64CF31EC42CB81
                                                                                                                                                                                Function 07D901B0 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7e627e72bb8fb62ab3d5ec70bde33422c3391f5ad464eef7d620bf47eed183c2
                                                                                                                                                                                • Instruction ID: e610914d7fd020983fd961b4ced1c0670e3879cf48cee2db15587e0d76099abe
                                                                                                                                                                                • Opcode Fuzzy Hash: 7e627e72bb8fb62ab3d5ec70bde33422c3391f5ad464eef7d620bf47eed183c2
                                                                                                                                                                                • Instruction Fuzzy Hash: 4401F9757093558FCB175B34A4291DDBF76DF8A21132488ABC846CB351DF384D02C791
                                                                                                                                                                                Function 077556C0 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 75268caa9963da439115247c44f4adec4606f2db3536778f22ab13e4aef53ac6
                                                                                                                                                                                • Instruction ID: ce76138ac707d06a585111ce1e49a5b07de220e9da791b69e6e34cc74da73a9c
                                                                                                                                                                                • Opcode Fuzzy Hash: 75268caa9963da439115247c44f4adec4606f2db3536778f22ab13e4aef53ac6
                                                                                                                                                                                • Instruction Fuzzy Hash: 4211C471300214DFCB094F15D8889AA3F7BFF89350B050096FA058B765DB72CC11CB91
                                                                                                                                                                                Function 07DD9890 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7729a3c1abf613ac360629f5f4ce1b611e7f117ce05e62cadb0c6a42f72decfa
                                                                                                                                                                                • Instruction ID: 79af9f6538a0542685532225a58971e2e86096eb3623a9318da02df4cdc355a3
                                                                                                                                                                                • Opcode Fuzzy Hash: 7729a3c1abf613ac360629f5f4ce1b611e7f117ce05e62cadb0c6a42f72decfa
                                                                                                                                                                                • Instruction Fuzzy Hash: 94110271A00209CFDB04DFA9C599ADDBBF6EF48314F2450A8D504BB351C772AE49CBA0
                                                                                                                                                                                Function 07DD2CA1 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: cd40125c94b7cc455386d1e3272568cfe11510e2f5266d1d17432fa5d6b22fe0
                                                                                                                                                                                • Instruction ID: 4704c7cb0173e89d804145bccaaa1c814d61fb367b8d5cce05ecdf91e6fa1227
                                                                                                                                                                                • Opcode Fuzzy Hash: cd40125c94b7cc455386d1e3272568cfe11510e2f5266d1d17432fa5d6b22fe0
                                                                                                                                                                                • Instruction Fuzzy Hash: B3114CB0A003099FDB149B99C499BEEBBF2BF48320F189039E545BB790DB705C45DB90
                                                                                                                                                                                Function 07E13EC6 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9268035a8fae61696698f8aeaf8a27fb4596c9ea725f1c7c1065cb2da5a9cb87
                                                                                                                                                                                • Instruction ID: 935fe1c56da284eda6b01b32285aab884762cb9d9ff596810ceba625f534d374
                                                                                                                                                                                • Opcode Fuzzy Hash: 9268035a8fae61696698f8aeaf8a27fb4596c9ea725f1c7c1065cb2da5a9cb87
                                                                                                                                                                                • Instruction Fuzzy Hash: 45219FB4A01208CFCB08DFA5D1899D8BBF2BF88315B6191A9E405AB3A1DB31ED45CF50
                                                                                                                                                                                Function 07DDE790 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a1fb04ec09b60845d0902c6bc7d35e4039fde8a2f763c18851f3c2d9c8367112
                                                                                                                                                                                • Instruction ID: eb3e49dfcefbba97f47ef706c424ce1c9c0ed80f0f028fc647ed80001a70419b
                                                                                                                                                                                • Opcode Fuzzy Hash: a1fb04ec09b60845d0902c6bc7d35e4039fde8a2f763c18851f3c2d9c8367112
                                                                                                                                                                                • Instruction Fuzzy Hash: F6116575205B00CFC725EF25E44006AFBE6AFC9621314C67FD49A877A0C7349D46CB91
                                                                                                                                                                                Function 07DD7BEF Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5c84e0c26dc855ed8c6c9aec6c30ca7031f105811cfc0fd2b6a1597d3c37a262
                                                                                                                                                                                • Instruction ID: 0939558cf19d7ea9b9277ee249eea4e9d33dadf07b0eb9024dc0be873f7b950a
                                                                                                                                                                                • Opcode Fuzzy Hash: 5c84e0c26dc855ed8c6c9aec6c30ca7031f105811cfc0fd2b6a1597d3c37a262
                                                                                                                                                                                • Instruction Fuzzy Hash: 5011847610024AEFCF025F99DC018EEBBB5FF49324B148026FD9597210D7359935EB50
                                                                                                                                                                                Function 07DD987F Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e5ceecba3d6907ccb9df2f27410cd6d31356c75841d0a3e1b4969efdf302f9df
                                                                                                                                                                                • Instruction ID: a510fb80e68230b54f0c6d324d179d411b12925e1659bbd6d4576e9f2b8a9117
                                                                                                                                                                                • Opcode Fuzzy Hash: e5ceecba3d6907ccb9df2f27410cd6d31356c75841d0a3e1b4969efdf302f9df
                                                                                                                                                                                • Instruction Fuzzy Hash: E3113771A04249CFDB04DFA9C595ADDBBF2AF48314F2450A8D444BB251CB72AE49CBA0
                                                                                                                                                                                Function 07E11F58 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0ed8fc69d9a2d66c501799ac9d4906e15014c85c485850aeead0a708249b2633
                                                                                                                                                                                • Instruction ID: 3ba3d1c5cc3bc08a860844ecb148c36340bd645df16f107567c51c0256be6a7a
                                                                                                                                                                                • Opcode Fuzzy Hash: 0ed8fc69d9a2d66c501799ac9d4906e15014c85c485850aeead0a708249b2633
                                                                                                                                                                                • Instruction Fuzzy Hash: 941182B43011058FC724CF1AE089A56F7E1FF88319B188669EA098BB45C731EC56CB91
                                                                                                                                                                                Function 07DF9570 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ec2314e87d92246c05078e4d51117aba4a185e1452d698975d58ec55e43be2c3
                                                                                                                                                                                • Instruction ID: 27fc5b7701684bfa929970d2b7e715d39c6db9e3ea756b0f8678a9a923eac402
                                                                                                                                                                                • Opcode Fuzzy Hash: ec2314e87d92246c05078e4d51117aba4a185e1452d698975d58ec55e43be2c3
                                                                                                                                                                                • Instruction Fuzzy Hash: 7801B176E00114CFCB40DB69A801BEEFFF8EB98221F10406BE118D3250E6319A058BE1
                                                                                                                                                                                Function 07DF2168 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f0c3e0b3d423f73b10d325229b615dec26d746e9d11094bde0bc2e073d8be3f8
                                                                                                                                                                                • Instruction ID: d327fcfe223944f416de1470157bca4b81e7f82680888f75bac5bd067ec2670d
                                                                                                                                                                                • Opcode Fuzzy Hash: f0c3e0b3d423f73b10d325229b615dec26d746e9d11094bde0bc2e073d8be3f8
                                                                                                                                                                                • Instruction Fuzzy Hash: 820184B2604250AFD305A756DC46DEBBBB9EFC9620718C16EF509EB661DF709D0083A1
                                                                                                                                                                                Function 07D962B8 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 216045ea25cdd16c4b7b191634b185d84010f64520a9beffcf4496ec8a6ca23e
                                                                                                                                                                                • Instruction ID: a4b925687c93de6725f8ece095e1f14de4d9b13cf8c0e7eb025042e6b7a2acbb
                                                                                                                                                                                • Opcode Fuzzy Hash: 216045ea25cdd16c4b7b191634b185d84010f64520a9beffcf4496ec8a6ca23e
                                                                                                                                                                                • Instruction Fuzzy Hash: E9110030200305CFC3608B64D588AAAF7F2FF84329B58942DD1068BBA2CB30F846CB90
                                                                                                                                                                                Function 07DD77A8 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 618af9d761a37667b0b8b2de8eee4776e7c558394821cbbad425682d1db92a04
                                                                                                                                                                                • Instruction ID: 7ec9b68f1454abbe22893ffa5716bf72da4b9808417c815db12980f76cd50dab
                                                                                                                                                                                • Opcode Fuzzy Hash: 618af9d761a37667b0b8b2de8eee4776e7c558394821cbbad425682d1db92a04
                                                                                                                                                                                • Instruction Fuzzy Hash: 3E1184B1200341DFCB264F5AD448A6AFBB6FF85325F1884AEE49686AB1C735DC58DB10
                                                                                                                                                                                Function 07DDF507 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5eb0edbcd929ecf54fe74500682dc93af939184f09f444e4d0fb40fd3e781aa5
                                                                                                                                                                                • Instruction ID: 2a5ea2204439d29591f338855488ee642650c40d1e7519a92b1ce8acbf8a935d
                                                                                                                                                                                • Opcode Fuzzy Hash: 5eb0edbcd929ecf54fe74500682dc93af939184f09f444e4d0fb40fd3e781aa5
                                                                                                                                                                                • Instruction Fuzzy Hash: EA01F272B002059FCB005F6DD4501EEBBF6EF88320B540079E95AE3740EF319E108BA0
                                                                                                                                                                                Function 07E13EF4 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: cb478c6987543b55248c2b037181f63bdb3300df721eae7867a5a74a5e4ec217
                                                                                                                                                                                • Instruction ID: 5eceb04624db3873df45e37c05cd0ee600fc6b1c2533faf100e9af6f398dad28
                                                                                                                                                                                • Opcode Fuzzy Hash: cb478c6987543b55248c2b037181f63bdb3300df721eae7867a5a74a5e4ec217
                                                                                                                                                                                • Instruction Fuzzy Hash: 62116FB4A01208CFCB18DFA5D189AD8BBF2BF88315F2151A9E405AB2A1DB35DD85CF50
                                                                                                                                                                                Function 07DF9863 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: af4ed84ca6c02a4ad12c76901ca4f59129fc1fd782bb989ce038838d235c79f3
                                                                                                                                                                                • Instruction ID: d6dbd8187439bbc45504456b66593ab4ee467c6826738d2c6dd8353a6f50de6d
                                                                                                                                                                                • Opcode Fuzzy Hash: af4ed84ca6c02a4ad12c76901ca4f59129fc1fd782bb989ce038838d235c79f3
                                                                                                                                                                                • Instruction Fuzzy Hash: 4F0126B3F00154ABCB1566A9AC114EEFBA9EACA1603044077E214D7211DA209A5687A0
                                                                                                                                                                                Function 0775EF31 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: be074af50e851640cbdd7503a8341d61964f1f2a5320783dfd50bb3d20c2cadb
                                                                                                                                                                                • Instruction ID: ee67e212d49d56807a5c35ff639df1eb403a745652a810efc7de3c1b6bec4fc4
                                                                                                                                                                                • Opcode Fuzzy Hash: be074af50e851640cbdd7503a8341d61964f1f2a5320783dfd50bb3d20c2cadb
                                                                                                                                                                                • Instruction Fuzzy Hash: 7A0121313093808FC7161B30B8584EA7FB2EF8B62535880EBD142CB693CF688806C792
                                                                                                                                                                                Function 07DF1B08 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 45649c0ab773a5d14d89d41af8d8fd79795c60cc5cf45b00af1c0eccadb8e1ac
                                                                                                                                                                                • Instruction ID: 4fe94c6d2114645adf3612f956f2078280478c61a107f345fd7439d747ebec81
                                                                                                                                                                                • Opcode Fuzzy Hash: 45649c0ab773a5d14d89d41af8d8fd79795c60cc5cf45b00af1c0eccadb8e1ac
                                                                                                                                                                                • Instruction Fuzzy Hash: 4811797A601605DFCB11DFA4D9448AAFBB6FF8C3603104628E64A97B20DB31EC14CB50
                                                                                                                                                                                Function 07D92290 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b176a7e4f0a0f68e0ed92359dcae06fc22d0815c25b29a604e84ea521d518a81
                                                                                                                                                                                • Instruction ID: e7d0e9843e7cedd7f7df47e010938ffec4aba0364bc6782126557d08d3cb623f
                                                                                                                                                                                • Opcode Fuzzy Hash: b176a7e4f0a0f68e0ed92359dcae06fc22d0815c25b29a604e84ea521d518a81
                                                                                                                                                                                • Instruction Fuzzy Hash: C6111875A042089FCB14DFA9D488ADEBBF2AF48314F2480A9D409AB351C775ED84CFA0
                                                                                                                                                                                Function 07DD7F67 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4856a6856482824fee4a425e5256b40be032c59d1cb642bcfefd25e4551900a6
                                                                                                                                                                                • Instruction ID: 0f7cc1889c10ed4927ac461b4adfa6c040b04891da580cc427c6480bb30ff83f
                                                                                                                                                                                • Opcode Fuzzy Hash: 4856a6856482824fee4a425e5256b40be032c59d1cb642bcfefd25e4551900a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 670147317083408FC301A7AAFD045887BF1FB8A338B0888A6E04DD7712CF258806C755
                                                                                                                                                                                Function 07DF1AF8 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d7121689ae5150197bf827b5be841041183dba3736bb17474acd91558e68b588
                                                                                                                                                                                • Instruction ID: 6458595037c46ef466db4a0d4b4db52d549f34ca187519b97a3274ee4fe8888e
                                                                                                                                                                                • Opcode Fuzzy Hash: d7121689ae5150197bf827b5be841041183dba3736bb17474acd91558e68b588
                                                                                                                                                                                • Instruction Fuzzy Hash: 4401D87A501306DFCB22CF68D944896FFB2FF4E221315455AE54997711E731EC45CB90
                                                                                                                                                                                Function 077556D0 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7191871c6b311fbba7e022043e799239cf5e83f18d9e3c822c7d4299d5571668
                                                                                                                                                                                • Instruction ID: 3b71fbd7591ab37261d3ac726e1e9ddc4a0664d93c76a30d26a872d61677cc5d
                                                                                                                                                                                • Opcode Fuzzy Hash: 7191871c6b311fbba7e022043e799239cf5e83f18d9e3c822c7d4299d5571668
                                                                                                                                                                                • Instruction Fuzzy Hash: C1012975300118DFCB089F59D894C6E3BABFF88751B144099FA058B665DB72CC11CB91
                                                                                                                                                                                Function 07DD31E0 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 67dc168f1fd2df20a2ce041bcd225ce3725443673373ffbcd067e7748de2eff6
                                                                                                                                                                                • Instruction ID: ece0032b849d11659a93a151ec49ef59d4e150d1fb555551291c964bc4316ecc
                                                                                                                                                                                • Opcode Fuzzy Hash: 67dc168f1fd2df20a2ce041bcd225ce3725443673373ffbcd067e7748de2eff6
                                                                                                                                                                                • Instruction Fuzzy Hash: A0012631704255CFCB059B69D4489EEBBF5EF86324B1040AED442DBA61EF719C19CB82
                                                                                                                                                                                Function 07DDFB40 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c22efdba5bff9d9eb174795a8956009d14a5e3b0797d5fe5547256c68ccd60d3
                                                                                                                                                                                • Instruction ID: c95b1ecfc0c13190b47d0e06224d69b8569819971aa19af6f64583e567e3d07e
                                                                                                                                                                                • Opcode Fuzzy Hash: c22efdba5bff9d9eb174795a8956009d14a5e3b0797d5fe5547256c68ccd60d3
                                                                                                                                                                                • Instruction Fuzzy Hash: B411E57AA012049FCB19DFA8E548CDEBFB2EF8C220B158055E801AB325DB30DC45CF60
                                                                                                                                                                                Function 07DD5498 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c3921da3836e25e9dba36364129e3ad7993705981f8ea9c5e3d24722819e795e
                                                                                                                                                                                • Instruction ID: 3d2d8621be60dcb40b1d4c149f1e9f23309721e948d1929d34588db90f12e07e
                                                                                                                                                                                • Opcode Fuzzy Hash: c3921da3836e25e9dba36364129e3ad7993705981f8ea9c5e3d24722819e795e
                                                                                                                                                                                • Instruction Fuzzy Hash: 4201D87130C3819FC3229B34A8586567FB5AF86215B1905EAE186CB3A2C764DC59C721
                                                                                                                                                                                Function 07DDE010 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 053d66bb21d0f401c33e4a7c532c3d15b051988ad3c466b50a1082e17af46ef3
                                                                                                                                                                                • Instruction ID: 46b267689ff63de903f44f649a8acd9125b477e7ba09d79955badc0f4e7119cc
                                                                                                                                                                                • Opcode Fuzzy Hash: 053d66bb21d0f401c33e4a7c532c3d15b051988ad3c466b50a1082e17af46ef3
                                                                                                                                                                                • Instruction Fuzzy Hash: F3F0D1713042548F8B066A39645857FEFA6AFCA221718817EE00ACB3A1CE288D068396
                                                                                                                                                                                Function 07E12E28 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: edb717404ccb6c7ce26794ab99949f4e1305f988b87de5204f549b49e4a6633b
                                                                                                                                                                                • Instruction ID: e3d085480ad85626c841f79e1f24c511d5309fed7177056b852bd28e42ebc1e2
                                                                                                                                                                                • Opcode Fuzzy Hash: edb717404ccb6c7ce26794ab99949f4e1305f988b87de5204f549b49e4a6633b
                                                                                                                                                                                • Instruction Fuzzy Hash: 0D01DE71A00106CFCF15CB29D4486AAB7F9EB85229F1040A9D608D7251C7315905CBA1
                                                                                                                                                                                Function 07DF3B28 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5e3907908559678dc57e6c7e8923ce847eaaf0156470dcd7e9eb2ede933c5ae0
                                                                                                                                                                                • Instruction ID: 4f35cb6ff4acbacb7da0d404164894e93cf67feda529683ca401960c4d78f743
                                                                                                                                                                                • Opcode Fuzzy Hash: 5e3907908559678dc57e6c7e8923ce847eaaf0156470dcd7e9eb2ede933c5ae0
                                                                                                                                                                                • Instruction Fuzzy Hash: 7901A2F1200302DFC725CF2AD468A96BFA5EF85361717847AD949CB260DB35D881CB90
                                                                                                                                                                                Function 07DDF518 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 10858a20f234c21bbabafcf982b1f029495f3c0f1b84e3f7e31cd45428beeb94
                                                                                                                                                                                • Instruction ID: dde81b169c8065232e01d2ab24a902b3f9f21c7fdef989d0545ceb76a3e04afd
                                                                                                                                                                                • Opcode Fuzzy Hash: 10858a20f234c21bbabafcf982b1f029495f3c0f1b84e3f7e31cd45428beeb94
                                                                                                                                                                                • Instruction Fuzzy Hash: 7601AD72B002049FCB14AF69C4545AEBBFAEB8D220F040079E51BE7750DA31AD048BA1
                                                                                                                                                                                Function 00E005E0 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2215253993.0000000000E00000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_e00000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7ca33c79b8cc9cc10b9c916f4b73f2659ce043703a91850d2c1b753559522cbd
                                                                                                                                                                                • Instruction ID: ebc0625e471e2b89bdf268cf8c4f77a283725a54ffd4d01e042864ae1a51fc6a
                                                                                                                                                                                • Opcode Fuzzy Hash: 7ca33c79b8cc9cc10b9c916f4b73f2659ce043703a91850d2c1b753559522cbd
                                                                                                                                                                                • Instruction Fuzzy Hash: 3B01A2B65093806FC711CF05AD40863FFB8EB86620709849FEC498B612D225B919CBB2
                                                                                                                                                                                Function 07D921E9 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c570a4ff3be93dee28204f0e4cda37860b7a09d54085074646d1891aa755f5ca
                                                                                                                                                                                • Instruction ID: 6d4453a2c9ba67a6b52d8d51a304533706ba9f2623abb7a346acfe505fb462dd
                                                                                                                                                                                • Opcode Fuzzy Hash: c570a4ff3be93dee28204f0e4cda37860b7a09d54085074646d1891aa755f5ca
                                                                                                                                                                                • Instruction Fuzzy Hash: 671182B0904246AFDF61DF64C449BDAFFF1BB0A314F144558D082976A2C374A999CB91
                                                                                                                                                                                Function 0775BBC0 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: cdb8056484911b71d02e19a0d49ad9701916ce3dcffb68ec6b53351a58ed9fb8
                                                                                                                                                                                • Instruction ID: 57979ca07a98953b23445876964a12fc93b5d045a1a0a827f02d1ff87ef5960b
                                                                                                                                                                                • Opcode Fuzzy Hash: cdb8056484911b71d02e19a0d49ad9701916ce3dcffb68ec6b53351a58ed9fb8
                                                                                                                                                                                • Instruction Fuzzy Hash: 05018FF1F0121A8F8F54EBA994151FEBAF59B88690B11443ACC15F7318EA304D018BE0
                                                                                                                                                                                Function 07DD6040 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7f2e68a46fc91d9611b75a6dd7af56e6c1522daddbceef25e7318a29e4b80319
                                                                                                                                                                                • Instruction ID: 1396d5efe42a957396109fde5f72e63c47a419f26d37adc37941769caaaed7ea
                                                                                                                                                                                • Opcode Fuzzy Hash: 7f2e68a46fc91d9611b75a6dd7af56e6c1522daddbceef25e7318a29e4b80319
                                                                                                                                                                                • Instruction Fuzzy Hash: 9BF0C8712043159FC7058F95D8808FBFB78EF8A2A4B10812AFD59D7210D730DC04C7A0
                                                                                                                                                                                Function 07DD4460 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c59980574e50aae8cd52d9d4acaea01c6739b74d959673679c51f09db4e55890
                                                                                                                                                                                • Instruction ID: 19a83eec5b8aad9675fa02e022f99ca6712f7319e006852d539c947eca5b357b
                                                                                                                                                                                • Opcode Fuzzy Hash: c59980574e50aae8cd52d9d4acaea01c6739b74d959673679c51f09db4e55890
                                                                                                                                                                                • Instruction Fuzzy Hash: B00184B1904205AFC710DFA5D9049DFF7F5EF89310B104669E959EB750E770AD08CBA2
                                                                                                                                                                                Function 07E12E17 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 00b29ffe79187c8aa1f878ec84b9564d7dee5ce66e88447a6b18d737c54afd32
                                                                                                                                                                                • Instruction ID: ef70db0eccb3298803c7d8b542252b6d50842d92dcabc0421bd2c7aa0295734b
                                                                                                                                                                                • Opcode Fuzzy Hash: 00b29ffe79187c8aa1f878ec84b9564d7dee5ce66e88447a6b18d737c54afd32
                                                                                                                                                                                • Instruction Fuzzy Hash: 9A012671A01246CFCF22CF2AD8497DABBF9FF46219F1441AAD908DB151D3305989CBA1
                                                                                                                                                                                Function 07DF5E48 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 694debb9b0bbb3eae5b5da845ad296193e463b9bc4bc2a53fb5b8975601b8173
                                                                                                                                                                                • Instruction ID: 411b28c0e1515cbef97221ab438c95b67ecc67b24f39b19eb34cfea8033a2e41
                                                                                                                                                                                • Opcode Fuzzy Hash: 694debb9b0bbb3eae5b5da845ad296193e463b9bc4bc2a53fb5b8975601b8173
                                                                                                                                                                                • Instruction Fuzzy Hash: A40100B0210212CFD734CF26E448B65F3E5BF05316B1644A9D28B8BA21D771ECA0CF81
                                                                                                                                                                                Function 07E13720 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 01b61a255478c5da6f0e6c0691e076089fd2ff8c690f30979439c45850639958
                                                                                                                                                                                • Instruction ID: 5883c0b94103e9bd24434a9ea3502d9ba187d25ac08ab837646f16ac928e892e
                                                                                                                                                                                • Opcode Fuzzy Hash: 01b61a255478c5da6f0e6c0691e076089fd2ff8c690f30979439c45850639958
                                                                                                                                                                                • Instruction Fuzzy Hash: 15018BF5E01206ABCB64DB7A98016EBBBE5FF89224B20842AD04DD2200EA3155468BD0
                                                                                                                                                                                Function 07DF2178 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5a51fbac7a68b7a8a1f3abeaefc5507f87b5175e2a704af5a64808ebb2e8a98d
                                                                                                                                                                                • Instruction ID: 9bbddf6826e8b8082a4dad64ea7e725793cd479e46a97759cb5c6e3b9aaa76ef
                                                                                                                                                                                • Opcode Fuzzy Hash: 5a51fbac7a68b7a8a1f3abeaefc5507f87b5175e2a704af5a64808ebb2e8a98d
                                                                                                                                                                                • Instruction Fuzzy Hash: 07F044B5600114AFD304A756DC46DBBB6AEDFC9720714C12DB109AB751DF709C0197A1
                                                                                                                                                                                Function 07D9C9D8 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e90d6bd43d7a3cea30547b26a76884c88c2eae2832f75996abafa16dfa5ec871
                                                                                                                                                                                • Instruction ID: 778ee8a41c79e387ad0d02278754bab9b4854a1bd8e424413f1bb62c18fe22b3
                                                                                                                                                                                • Opcode Fuzzy Hash: e90d6bd43d7a3cea30547b26a76884c88c2eae2832f75996abafa16dfa5ec871
                                                                                                                                                                                • Instruction Fuzzy Hash: 0B01A4BA7042549FCB059B68AC844D9FBB5EB8D3323244077E60AD7352DB304815CB71
                                                                                                                                                                                Function 07757EB0 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1bd9eaceca8fede6b90e4820e18d5e5d46ffaa2bfc70c632212002dd1941ea72
                                                                                                                                                                                • Instruction ID: 1295040ca87b91ac28e8769c512b74bd8d6f9083ad9c9e3c4287b7b953975a67
                                                                                                                                                                                • Opcode Fuzzy Hash: 1bd9eaceca8fede6b90e4820e18d5e5d46ffaa2bfc70c632212002dd1941ea72
                                                                                                                                                                                • Instruction Fuzzy Hash: 9BF02EF03042501BD729C728AC10EAB23AA8FCA681B11456EF848CB386DA708C0287A4
                                                                                                                                                                                Function 07DD0E60 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9c9f3dd99d9139ac028f15bb8de7595283b9bc8280fc2251fe64fe0c33144913
                                                                                                                                                                                • Instruction ID: bdb339df5de27e03d6e87e89e18c94c5f6b2d0e2aeb465ce4c33a770db67875b
                                                                                                                                                                                • Opcode Fuzzy Hash: 9c9f3dd99d9139ac028f15bb8de7595283b9bc8280fc2251fe64fe0c33144913
                                                                                                                                                                                • Instruction Fuzzy Hash: B901D170308744AFD32927348958B67BBEAEF85714F00447DE19A8B682DFB6AC84D761
                                                                                                                                                                                Function 07DD985F Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 532b2dccd2f62574116cccebe273ddec3d7d630a64b7ae8110e7050203bdd927
                                                                                                                                                                                • Instruction ID: a0497ec229ed49e04eea22f5bb2634cfd564df3784de1f1740e416ec95d3314e
                                                                                                                                                                                • Opcode Fuzzy Hash: 532b2dccd2f62574116cccebe273ddec3d7d630a64b7ae8110e7050203bdd927
                                                                                                                                                                                • Instruction Fuzzy Hash: 06118BB0604249CFCB00DFA9C5A4ADCBBF0BF09308F255098D044AB252C772AD49CF50
                                                                                                                                                                                Function 07E13F32 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8447f284ad86577b12328757c21548b0327057ae9e66a098607426f3acb04762
                                                                                                                                                                                • Instruction ID: d0c340cbe46e90cbb42a2d8d39b84d2798b8de81b680890facf39638e9f2130f
                                                                                                                                                                                • Opcode Fuzzy Hash: 8447f284ad86577b12328757c21548b0327057ae9e66a098607426f3acb04762
                                                                                                                                                                                • Instruction Fuzzy Hash: 47119674A01208CFCB18DFA5D48999CB7F2FF8C325B2191A9E405AB361DB35D941CF50
                                                                                                                                                                                Function 07DF9F47 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d1ddca810cdd43ac1b7c2ba3c8be44d5ae78b876ca25105703dfddc49d163a0a
                                                                                                                                                                                • Instruction ID: 72875b8ec67257cd6030a400208a9fe459df446d0f8c094f1ba6c78a1a306904
                                                                                                                                                                                • Opcode Fuzzy Hash: d1ddca810cdd43ac1b7c2ba3c8be44d5ae78b876ca25105703dfddc49d163a0a
                                                                                                                                                                                • Instruction Fuzzy Hash: A701A7366042959FCB01DF64E8049D93FF5FF85315F0940AAF505CB221C7759D1AC761
                                                                                                                                                                                Function 077583C1 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a53cbfc21595f49ec49f5d2b427098001029ebdf2989983694e8191d59a427ed
                                                                                                                                                                                • Instruction ID: d30ac3e1e1832724fb4183e411d4829ab8ec95cd648a86d75c9d12a8bbe3b7ec
                                                                                                                                                                                • Opcode Fuzzy Hash: a53cbfc21595f49ec49f5d2b427098001029ebdf2989983694e8191d59a427ed
                                                                                                                                                                                • Instruction Fuzzy Hash: FE01A2302002559FC7109B65D4488ABBBF5AF85248755C46EE4458FA25CAB0EC06C7D0
                                                                                                                                                                                Function 07D982C8 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a083e0b2570431d0595cd2fa539ea94813a77ad2be9f604486973ce55e510812
                                                                                                                                                                                • Instruction ID: f84c7cd8950d59c938dde41c43ab70602984bb438a9c94889b6e567fa67832a5
                                                                                                                                                                                • Opcode Fuzzy Hash: a083e0b2570431d0595cd2fa539ea94813a77ad2be9f604486973ce55e510812
                                                                                                                                                                                • Instruction Fuzzy Hash: C2018B72E0026ACFCF019B69D40969DFBF0BF8AB21F048565D816D3340EF3896018B95
                                                                                                                                                                                Function 07D9210F Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3be05c45a252337b190301facfd6c4272c2617967c91f0785d3eed0b0c41e26b
                                                                                                                                                                                • Instruction ID: ed4d104f9fe45d429d7c696d4ab532703f316c9bb068b27bcd8c147108568152
                                                                                                                                                                                • Opcode Fuzzy Hash: 3be05c45a252337b190301facfd6c4272c2617967c91f0785d3eed0b0c41e26b
                                                                                                                                                                                • Instruction Fuzzy Hash: BD0188B0710206EFDF1897A4DC157EEB6B2AB85304F204039DA02FA690DF71DC56C761
                                                                                                                                                                                Function 07D9C407 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 72f195551e78c34cbf79c5ddae3d966dbed2d654fe313d272ab6c15385f895aa
                                                                                                                                                                                • Instruction ID: 18392ce0c4456f1ed2dd0488d7dd7793359051598497ed863269a5f78b7a5244
                                                                                                                                                                                • Opcode Fuzzy Hash: 72f195551e78c34cbf79c5ddae3d966dbed2d654fe313d272ab6c15385f895aa
                                                                                                                                                                                • Instruction Fuzzy Hash: 2FF02230700341CFCF299B35D4881ADBBB2AF05244B10447DD80A87244EB74A845CBA0
                                                                                                                                                                                Function 07DD0EDB Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 47787966a50cd7125278670a1dd131d0fe438358e9c66c81da107b8b543a96b4
                                                                                                                                                                                • Instruction ID: 36a51870347ae38cf9e85ded0159e7b2608535efb9ccf59f65cc4151de579860
                                                                                                                                                                                • Opcode Fuzzy Hash: 47787966a50cd7125278670a1dd131d0fe438358e9c66c81da107b8b543a96b4
                                                                                                                                                                                • Instruction Fuzzy Hash: 5AF0A4313057159FC711DB76D8409DAF7BAEFC9224710861AE4458FB64DB70DD0A87E1
                                                                                                                                                                                Function 07DDAE5B Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6512cf5902c756afd5abd53dbc1cf85ebd654d7cb2c2b193f364d961bc00b098
                                                                                                                                                                                • Instruction ID: 9d0ef645336022d148925e82c916b17c357bb14c77f616dd74033843424a8af8
                                                                                                                                                                                • Opcode Fuzzy Hash: 6512cf5902c756afd5abd53dbc1cf85ebd654d7cb2c2b193f364d961bc00b098
                                                                                                                                                                                • Instruction Fuzzy Hash: 2701D631204381AFC7129B65DC44DEBBBB6EFC9220711C16AF559CBA61DB359C05C761
                                                                                                                                                                                Function 07770A77 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219462517.0000000007770000.00000040.00000800.00020000.00000000.sdmp, Offset: 07770000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7770000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 610a94ef84cd7c955affbf8f27f4a9d69277be57b179d4b74a215144a5f4eafa
                                                                                                                                                                                • Instruction ID: 3c0b2df5cbf9a96a772f7615fb631e0036514a07eb3e9b44c7b633ad6212ab4b
                                                                                                                                                                                • Opcode Fuzzy Hash: 610a94ef84cd7c955affbf8f27f4a9d69277be57b179d4b74a215144a5f4eafa
                                                                                                                                                                                • Instruction Fuzzy Hash: 4401F4F5710211ABCF214A588418B6DBBA3FB853D4F068469F906DB7A9CA71CC95CBE0
                                                                                                                                                                                Function 07DF3A11 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e892c9edf23bc3042831888499cc30722fc83978eaacfcd91fb9bbe953942f1d
                                                                                                                                                                                • Instruction ID: 372debb3066137232cb2df44539c8aca76283ac8740870224eba09cea2157eeb
                                                                                                                                                                                • Opcode Fuzzy Hash: e892c9edf23bc3042831888499cc30722fc83978eaacfcd91fb9bbe953942f1d
                                                                                                                                                                                • Instruction Fuzzy Hash: 06F0B4313111149FC7146B3AD8089A9BBE9EF8769531B40FBE905CB231DA71DC04C7D1
                                                                                                                                                                                Function 07DF1C7F Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3cade2c12f2793634f58f78173b6bcbddfa7a33e41c58ccfed385bb8413347ac
                                                                                                                                                                                • Instruction ID: 93c542e02dc8ed3255f474384906035deb3b1ebde847e86e3126d375974d8908
                                                                                                                                                                                • Opcode Fuzzy Hash: 3cade2c12f2793634f58f78173b6bcbddfa7a33e41c58ccfed385bb8413347ac
                                                                                                                                                                                • Instruction Fuzzy Hash: 02015E74605241DFC342FB74E58A499FFF1EF88208B10892DE9859B765DA34D88ADF42
                                                                                                                                                                                Function 07D96371 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fb9ccf868caa1afcddf35f8f9c86d81568802799a19d537b58353f0dfa321c78
                                                                                                                                                                                • Instruction ID: 289960ed0f9d18e1de85d63bd7a85059e684325f4914df9234836d111c8e635e
                                                                                                                                                                                • Opcode Fuzzy Hash: fb9ccf868caa1afcddf35f8f9c86d81568802799a19d537b58353f0dfa321c78
                                                                                                                                                                                • Instruction Fuzzy Hash: F201D1B1704221CFC7118B28C468B5ABBF5EF49620F0880A6E849DB391DB35DC40CB90
                                                                                                                                                                                Function 0775AEB0 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fbca9cacffe2d3ac9e16b67a9661efdbc25b0f11a7a04760dc484686c59c0efc
                                                                                                                                                                                • Instruction ID: 66934d872a9956426c7802d1782ee62e048488e63c98785bcdc9482eba487cb2
                                                                                                                                                                                • Opcode Fuzzy Hash: fbca9cacffe2d3ac9e16b67a9661efdbc25b0f11a7a04760dc484686c59c0efc
                                                                                                                                                                                • Instruction Fuzzy Hash: 31F02B743055404FC7095379589462D7FE7DFCD114B15407DD409CB392DF51CC054752
                                                                                                                                                                                Function 07DD7B58 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a1b61817645bcd06eeefae4e74225e8945dd5c40aaace062ad6fabb882d71971
                                                                                                                                                                                • Instruction ID: 98577f13ab13a0423a36496ae2e0d9ddb771c9227cd7bc425686a34f60c68ab8
                                                                                                                                                                                • Opcode Fuzzy Hash: a1b61817645bcd06eeefae4e74225e8945dd5c40aaace062ad6fabb882d71971
                                                                                                                                                                                • Instruction Fuzzy Hash: A2F0C876604345AFCB125FA89C019EDFFB2FF4D310B14456AFA95D7211C7318924EB61
                                                                                                                                                                                Function 07E12F18 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e512d21a111ea4efdda0da2cd491fa0e22157590db0e8dcab4b6cb2a28346e6f
                                                                                                                                                                                • Instruction ID: 94fd8f8b66d8454ec56bc641b27bb0d6fba263a0b3f6c85f560b761211c71b33
                                                                                                                                                                                • Opcode Fuzzy Hash: e512d21a111ea4efdda0da2cd491fa0e22157590db0e8dcab4b6cb2a28346e6f
                                                                                                                                                                                • Instruction Fuzzy Hash: A8F06876B001199F8F41EE64E8058EEBBBAFBC8331B048026ED18D7310D7309A16DB90
                                                                                                                                                                                Function 07DF1A50 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 138952670ff54dda91966a6c852b5824f4de021363e787891d7116933779e62c
                                                                                                                                                                                • Instruction ID: 9eb8c769e871c2ae1e7fbc0d0126aabd41dc070ad07aec2072531f4d50e0e7ef
                                                                                                                                                                                • Opcode Fuzzy Hash: 138952670ff54dda91966a6c852b5824f4de021363e787891d7116933779e62c
                                                                                                                                                                                • Instruction Fuzzy Hash: A6F0AF71E102199FCB159FA5D4597EEBFB5AB88620F10006ED106EB380DF75194A8BE0
                                                                                                                                                                                Function 07D91F88 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6cb4ccc01a433cf5616ca9667e96ae4af37e25240749356d7ccfd69885b44176
                                                                                                                                                                                • Instruction ID: d553133e40fb8a36298de865abc0c5f184586a21d839d0e057b79d1a314ca3bc
                                                                                                                                                                                • Opcode Fuzzy Hash: 6cb4ccc01a433cf5616ca9667e96ae4af37e25240749356d7ccfd69885b44176
                                                                                                                                                                                • Instruction Fuzzy Hash: D3F0AF342002419FC310DB6AD88988AFBF6EFC9654318C66EE54D9BB16CB70EC0AD791
                                                                                                                                                                                Function 07D9B6E8 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 64e8c574c845d7adfcf389b61676e1871da1f9d6d2cc079aef4e3959ed6387b3
                                                                                                                                                                                • Instruction ID: 9eabebb717c1cd9b0827f9b5596981eb5f263188eaef9c471e223810a6f4a5d2
                                                                                                                                                                                • Opcode Fuzzy Hash: 64e8c574c845d7adfcf389b61676e1871da1f9d6d2cc079aef4e3959ed6387b3
                                                                                                                                                                                • Instruction Fuzzy Hash: 5CF024B03092059BE7158A199810B56B366DFC5754F25803BE5048F748D730EC52C7E8
                                                                                                                                                                                Function 07D921F8 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f00e5d60f065fe34d1b5c05812784a7b92e1793388a233f0e3d59a0b12d3c552
                                                                                                                                                                                • Instruction ID: 255d23e883da60564b628abe03d7215e877ed6b1241fa358719e46d223fc155d
                                                                                                                                                                                • Opcode Fuzzy Hash: f00e5d60f065fe34d1b5c05812784a7b92e1793388a233f0e3d59a0b12d3c552
                                                                                                                                                                                • Instruction Fuzzy Hash: AA0180B0904246AFDF20DF64C449B9ABFF1BB09304F1445A8D081976A2C775A988CBC1
                                                                                                                                                                                Function 07D9FD18 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5c2376f59dd48def34c19cd8820578d565ccd356deb7212393f33f896828d74c
                                                                                                                                                                                • Instruction ID: 30f853cb829220e9f685aa34cb1f3291a50982313f3d448c1237feaab01d9006
                                                                                                                                                                                • Opcode Fuzzy Hash: 5c2376f59dd48def34c19cd8820578d565ccd356deb7212393f33f896828d74c
                                                                                                                                                                                • Instruction Fuzzy Hash: CEF0F031204304DFC3119F7AEC858EABBB6EFC9224304867AF6458B254EB30980DC790
                                                                                                                                                                                Function 07DD5FE0 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6d011a437cc0758b6ae59b0f5ecee5004dc68eb0edf7ae3c4026d6aed91a6a80
                                                                                                                                                                                • Instruction ID: 53b431b6ad5f41e2da9d8d08324f0c56cfeeaf44b8ae771033002ad62608a0fd
                                                                                                                                                                                • Opcode Fuzzy Hash: 6d011a437cc0758b6ae59b0f5ecee5004dc68eb0edf7ae3c4026d6aed91a6a80
                                                                                                                                                                                • Instruction Fuzzy Hash: 44F096B53002019FC705DF59E584869FBEAFF8921572581A6E509CB336DB31DC02CFA1
                                                                                                                                                                                Function 07DD7A01 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: bd6f6cbad99aa781414eb642bf8ab511f8afb67eb0e786813ef5a411a86d0d94
                                                                                                                                                                                • Instruction ID: f45687f87166cd17414100dfc4fba3fbb78ba4224e1dc2f4302074d20456b80d
                                                                                                                                                                                • Opcode Fuzzy Hash: bd6f6cbad99aa781414eb642bf8ab511f8afb67eb0e786813ef5a411a86d0d94
                                                                                                                                                                                • Instruction Fuzzy Hash: 73F0F971A10219DFCB94DFB9D8455AEBFF5FF49324B20416AE458E3220EB358951CB90
                                                                                                                                                                                Function 07DD5517 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2000b93c60e9c6bf841968bcb44462963550fb0462d373b5e74a88179e2ebb44
                                                                                                                                                                                • Instruction ID: 6074a2b79430a4991770df9ace67740c9315cd6eaa222c1c3ba63930c3c3873a
                                                                                                                                                                                • Opcode Fuzzy Hash: 2000b93c60e9c6bf841968bcb44462963550fb0462d373b5e74a88179e2ebb44
                                                                                                                                                                                • Instruction Fuzzy Hash: 8EF0277230D2A06FC302176EA8964EAFFBCDEDA17030440B7FA88CB602C9148D0183B2
                                                                                                                                                                                Function 07D94653 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8fc37fea239bf2a35c4ffc307e7ed0ffa74f895f9543b65d48c2f56d65560dff
                                                                                                                                                                                • Instruction ID: 9dd1a2984e187f816101469c91071e2bfe23d1e6c43412f56acda60b844aa1a5
                                                                                                                                                                                • Opcode Fuzzy Hash: 8fc37fea239bf2a35c4ffc307e7ed0ffa74f895f9543b65d48c2f56d65560dff
                                                                                                                                                                                • Instruction Fuzzy Hash: 5AF09E3B7001508BCB065694A8523FEBF62DFC5222F18007BEB04C7341CA348907C3E2
                                                                                                                                                                                Function 07DD6050 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fcd0f21f11c85851d1f9a9ec871a3141c142593273e804b725ddda74cb3aef86
                                                                                                                                                                                • Instruction ID: 5c34a6dc49af0fd2b6dcdbac66a839ebf7922cbd11c955842b27a13f3216ab7f
                                                                                                                                                                                • Opcode Fuzzy Hash: fcd0f21f11c85851d1f9a9ec871a3141c142593273e804b725ddda74cb3aef86
                                                                                                                                                                                • Instruction Fuzzy Hash: DAF030B520451AAF8704CE95D880CBBF7B9EB896A4B10852DF91A97210D731EC05C7E0
                                                                                                                                                                                Function 07E11D80 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a2628bf2ab251dc3411e7bc9e5255e26f836b6ed7036b1ff476553170d0efac8
                                                                                                                                                                                • Instruction ID: 4cee021acb97a55d08769916f3dad586c09d5dcc0cd4b93265e486c1468bd9fe
                                                                                                                                                                                • Opcode Fuzzy Hash: a2628bf2ab251dc3411e7bc9e5255e26f836b6ed7036b1ff476553170d0efac8
                                                                                                                                                                                • Instruction Fuzzy Hash: ADF0C4756041149FC708DB6DD098AA8BBE9EF4A319F1540EAE90ACBB71CB71AC44CB81
                                                                                                                                                                                Function 07DD8288 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 43fe06b40f4395c4ffdafa53c43503e7e8c544d6311737c2d27c2792e3e44280
                                                                                                                                                                                • Instruction ID: 8f44dbe66dbe80ae92ed0d4505c6630eef5a05f06a91f430667168b3c64a804d
                                                                                                                                                                                • Opcode Fuzzy Hash: 43fe06b40f4395c4ffdafa53c43503e7e8c544d6311737c2d27c2792e3e44280
                                                                                                                                                                                • Instruction Fuzzy Hash: 3EF01C72705214AF87049A6ED884896FFEEEFDA22532540ABF509CB672CE719C05C7A1
                                                                                                                                                                                Function 07DD0E70 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5d53e2750a053b9619d1f29d1541faf94482aba83d18c4505c599946c4451aa9
                                                                                                                                                                                • Instruction ID: 0766ac21f218f491588a9e59e580d3a5cf81059f25df1e44ffa8dedd8bef9983
                                                                                                                                                                                • Opcode Fuzzy Hash: 5d53e2750a053b9619d1f29d1541faf94482aba83d18c4505c599946c4451aa9
                                                                                                                                                                                • Instruction Fuzzy Hash: F1F0F670304754AFD32526348958767FBD7EBC5714F40043CD14A8B781CFB6A880C751
                                                                                                                                                                                Function 07DDAE68 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f871220c6defaf7e85c5d33de6795b685411c61650b18bc638e7b71b37e54d0f
                                                                                                                                                                                • Instruction ID: 2fb74a7095d5757782951e99f7d1e3d90dc3f40fc9cd2e838ceccb73528fcc9f
                                                                                                                                                                                • Opcode Fuzzy Hash: f871220c6defaf7e85c5d33de6795b685411c61650b18bc638e7b71b37e54d0f
                                                                                                                                                                                • Instruction Fuzzy Hash: C5F06275200245AFC711EB96EC45DAFBBAAEBC8220750C129F5198BB20DB359C0187A5
                                                                                                                                                                                Function 07DDCDF8 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 079706741ed45dec451a0d9263d6a8ddce92929253a9acb85e6745ce33da1687
                                                                                                                                                                                • Instruction ID: 76e448bdcd71234f36ed0986f549e68b16d54fa1e25c61415f80e0fbd5c378f9
                                                                                                                                                                                • Opcode Fuzzy Hash: 079706741ed45dec451a0d9263d6a8ddce92929253a9acb85e6745ce33da1687
                                                                                                                                                                                • Instruction Fuzzy Hash: FAF0A7327046106FC7066B5A984599EFB6AEFC9B34B14C027F645CB3A1CEB54D4287E1
                                                                                                                                                                                Function 07DFAD30 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a9d24dcef4c7597440bb15dbde51d2415d89d8644673072942376f2c791fba41
                                                                                                                                                                                • Instruction ID: e090576962c88b92c1fd75cc81396fddef757f6daa5a4ac06ef1dbbafd0bb426
                                                                                                                                                                                • Opcode Fuzzy Hash: a9d24dcef4c7597440bb15dbde51d2415d89d8644673072942376f2c791fba41
                                                                                                                                                                                • Instruction Fuzzy Hash: 48F0B4363052109FCB265A6AE814499BBB6FFCE261319406BE90AC3311DA35CC13DB90
                                                                                                                                                                                Function 07D9CA21 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 445e9df7813688ef280895d2b5df1c5e3842374eba8345a618e4a560d6f33314
                                                                                                                                                                                • Instruction ID: bdee7fcf1cf414ef877529ffe9b40e351d260d53788ae263c62c5444fd6122a2
                                                                                                                                                                                • Opcode Fuzzy Hash: 445e9df7813688ef280895d2b5df1c5e3842374eba8345a618e4a560d6f33314
                                                                                                                                                                                • Instruction Fuzzy Hash: EDF0A7727182514FD704CA3A58804BBABAB9BC5164315843BD509D3244EE348C028364
                                                                                                                                                                                Function 0775C7A8 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7e2bdbbeb9249551460c4be87ef609c94c6a2cbf4791895516a9d85e81b0e549
                                                                                                                                                                                • Instruction ID: 5e93d2e1e4cc5b783224f2a7f027566ed5fea5b06f0f08a3ce5f158ef58bc5e2
                                                                                                                                                                                • Opcode Fuzzy Hash: 7e2bdbbeb9249551460c4be87ef609c94c6a2cbf4791895516a9d85e81b0e549
                                                                                                                                                                                • Instruction Fuzzy Hash: FFF0ECB76043625BC7264639A4003FA7FDD8B85660F158457D80CC7651EBB9440587B1
                                                                                                                                                                                Function 07E13730 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1a73567e09341152da05fb1d5d89d3d221eca9e1b6350779d569460928a09627
                                                                                                                                                                                • Instruction ID: 4c5d1160a2abba313d4083274826cc616f84bf5816a1b0e7d0ee48e5f868f49a
                                                                                                                                                                                • Opcode Fuzzy Hash: 1a73567e09341152da05fb1d5d89d3d221eca9e1b6350779d569460928a09627
                                                                                                                                                                                • Instruction Fuzzy Hash: 1DF0F4B1E01606AFCB58DF6A98416ABBFF5EF89210F54C43AD55ED3200EA3155068B90
                                                                                                                                                                                Function 00E00C66 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2215253993.0000000000E00000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_e00000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2acface770558823381c6c1ba6fa0b6390e3c0ae5e9c6798ddf1aef932033c08
                                                                                                                                                                                • Instruction ID: d8d7c7f9b2f63f870c48be57b11fc3903fcac613a9a883f9ecc2365eae35f27b
                                                                                                                                                                                • Opcode Fuzzy Hash: 2acface770558823381c6c1ba6fa0b6390e3c0ae5e9c6798ddf1aef932033c08
                                                                                                                                                                                • Instruction Fuzzy Hash: 3DF08CB2905204AB9200DF06ED458A6F7ECEF84521F08C52AEC088B704E376A9198AE2
                                                                                                                                                                                Function 07DFEF9B Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a82b1f14df60cbec60f50ecc20cf3512f44d34d6589ba27ab4c0a8b58bf5627e
                                                                                                                                                                                • Instruction ID: ff50a5ff9b27ef1380622ba0826fc06217bf91c11f1c2bb2a82fc2bf59ba951b
                                                                                                                                                                                • Opcode Fuzzy Hash: a82b1f14df60cbec60f50ecc20cf3512f44d34d6589ba27ab4c0a8b58bf5627e
                                                                                                                                                                                • Instruction Fuzzy Hash: 28F0B4713053508FC711CB69D484DD6BBFAEF89224B5106AAF109CFB62CB70AC4AC7A0
                                                                                                                                                                                Function 07DFDC80 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3db8c45a3344d0902fdfd74dcb1366ba081055efab84ae4f4e9c7196d0d881c8
                                                                                                                                                                                • Instruction ID: 161fa575cc7295fd898c81900697a01772873e8afea976dbb0c32b5954d73c3a
                                                                                                                                                                                • Opcode Fuzzy Hash: 3db8c45a3344d0902fdfd74dcb1366ba081055efab84ae4f4e9c7196d0d881c8
                                                                                                                                                                                • Instruction Fuzzy Hash: E9F0FE72300114DFCB44AA6AE458DAA77AAEBC9761711406AF60ACB760CA719C05C7A1
                                                                                                                                                                                Function 0775C721 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fc63e85042fd5a6ca1f27a64e81477880f1d5e9f05dd44e3e7f715062d9341a9
                                                                                                                                                                                • Instruction ID: 2f59fa315585a9fd7d11ed6be750cdeeeed17400ffdf701a6d751fda88f51c9f
                                                                                                                                                                                • Opcode Fuzzy Hash: fc63e85042fd5a6ca1f27a64e81477880f1d5e9f05dd44e3e7f715062d9341a9
                                                                                                                                                                                • Instruction Fuzzy Hash: 2FF059F66087866BCB134B2998043AABFE99B832E0F148C9BE440C75A1D7B95501C7A5
                                                                                                                                                                                Function 07E13700 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b54a06973434c67fc1afa8c17928347b37251629aa88c137ba4fd5c61e64e125
                                                                                                                                                                                • Instruction ID: 1389a1ee4e6839c9a5bde0f260d8fdee0c85f638995bf251739f1190356f1209
                                                                                                                                                                                • Opcode Fuzzy Hash: b54a06973434c67fc1afa8c17928347b37251629aa88c137ba4fd5c61e64e125
                                                                                                                                                                                • Instruction Fuzzy Hash: C0F0BEB96062428FCB068B15D85159ABFB1AF8B215729C0ABD889CB252CB31984BC7C0
                                                                                                                                                                                Function 07D9CF60 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: df4e98a5b6ae147acd12ef01f466fabf9cdac18ae76d7b940bb8218bc151660e
                                                                                                                                                                                • Instruction ID: 40118e5247e4752b0876785dfb2f4aef6544fd2b26ba4c7a4952fb722f625614
                                                                                                                                                                                • Opcode Fuzzy Hash: df4e98a5b6ae147acd12ef01f466fabf9cdac18ae76d7b940bb8218bc151660e
                                                                                                                                                                                • Instruction Fuzzy Hash: 6BF0FA34300612AFCB05AB29D4008AEFBAAFFD9304300402AE0858B700CFA4F906C7E1
                                                                                                                                                                                Function 07D9B658 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 402c5c3024bfd0c6cc85cbb2cfe2f66d60218b6804dfdfe66054c187c79d58d5
                                                                                                                                                                                • Instruction ID: 6f8220adda1a4176f7bd4c10e81577bc09fd8eeceb04fd6eacc8e4038fcbb97b
                                                                                                                                                                                • Opcode Fuzzy Hash: 402c5c3024bfd0c6cc85cbb2cfe2f66d60218b6804dfdfe66054c187c79d58d5
                                                                                                                                                                                • Instruction Fuzzy Hash: 84E0D87130411427EA14A59FACD0F6FB2CFDFC8A68F69803EE508DB788DEA09C0102A4
                                                                                                                                                                                Function 07D968A0 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 61dc780e816ef4c6799974f2d8b0c01409dc036fddb5d5c47c3486a968310e82
                                                                                                                                                                                • Instruction ID: e62e4f14e58a89f12cd50588f6c6ffdc346198c88e02af71c4f26e31ca8f1ac4
                                                                                                                                                                                • Opcode Fuzzy Hash: 61dc780e816ef4c6799974f2d8b0c01409dc036fddb5d5c47c3486a968310e82
                                                                                                                                                                                • Instruction Fuzzy Hash: 43F027B1705221EFC7161B58D640829FBB9EF8636030A8077E94087352D730DC11C7DA
                                                                                                                                                                                Function 077583D0 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e12a19bfc2872bb8e3d658e9b9b28acc9a0e400a59489d1421f605c6d53ea394
                                                                                                                                                                                • Instruction ID: a039afac2050e87c9dfe913d97e3c2f6476fc99f0519ad529e616edeacdede72
                                                                                                                                                                                • Opcode Fuzzy Hash: e12a19bfc2872bb8e3d658e9b9b28acc9a0e400a59489d1421f605c6d53ea394
                                                                                                                                                                                • Instruction Fuzzy Hash: 5EF0FF313006158FC714DB56D548C9AB7F6AFC4258754C46EE4059BA24DEB1F9068BD0
                                                                                                                                                                                Function 07DD5FF0 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: adc1026a87a2992a196323aee53818880b938e58690975b63209ef9e0e7f3c9c
                                                                                                                                                                                • Instruction ID: 14728379bf54f9525ab2e83b695d63d32adb22bb36107b054e42b1a56713f8d9
                                                                                                                                                                                • Opcode Fuzzy Hash: adc1026a87a2992a196323aee53818880b938e58690975b63209ef9e0e7f3c9c
                                                                                                                                                                                • Instruction Fuzzy Hash: FBF012753001149FC714DB19E488C6AFBEAFFC926572481A5E509CB726DB72DC42CBA1
                                                                                                                                                                                Function 07DDCF48 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: edd1e550df9c50ae4d7b7626c74056f9f910355617c30d870852c8d9563ed23e
                                                                                                                                                                                • Instruction ID: 04f57252d674d3bcc271ffc8d1e12f758dcc4850b89536e2eaf11bc91b4bc41e
                                                                                                                                                                                • Opcode Fuzzy Hash: edd1e550df9c50ae4d7b7626c74056f9f910355617c30d870852c8d9563ed23e
                                                                                                                                                                                • Instruction Fuzzy Hash: 7CF0A0717001245FC714AA28D458ABE77EADBC8721F05807AFE09CB390CF759C018791
                                                                                                                                                                                Function 07DD7B68 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 340dab864d91bab097296cea264bda1742b2ffedb842d66b12b7082ded760691
                                                                                                                                                                                • Instruction ID: 11c614eac28a2be938b585978569586c9fefd506bd816df5e6f1fcf5536080a2
                                                                                                                                                                                • Opcode Fuzzy Hash: 340dab864d91bab097296cea264bda1742b2ffedb842d66b12b7082ded760691
                                                                                                                                                                                • Instruction Fuzzy Hash: EEF05476A00208AFCF219F999C40DAEFFB6FB8C310F044529FA55A3310D6319924EB61
                                                                                                                                                                                Function 07DD2F09 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 03681b76a4b0a83e305b02c7d7d9933c1334781a7611bad6ee85aae2af7753a8
                                                                                                                                                                                • Instruction ID: 718f360aa882c773591209503b4617d710936212e7d829a7147b92bd223ce622
                                                                                                                                                                                • Opcode Fuzzy Hash: 03681b76a4b0a83e305b02c7d7d9933c1334781a7611bad6ee85aae2af7753a8
                                                                                                                                                                                • Instruction Fuzzy Hash: 0EF0A03A3042405FC3460B6AD40498ABFAAEFC622032980BBE944CB721DE318D1ADB91
                                                                                                                                                                                Function 07DDA061 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7b771edb101c00c4ee6b793fb2bd79d9ef010e8167d9f6a92cad44ae99a006c6
                                                                                                                                                                                • Instruction ID: 7670e6d47ad066d1dd5d6ff9d045f7eda558f38da6678190f0a11a9012fbb86b
                                                                                                                                                                                • Opcode Fuzzy Hash: 7b771edb101c00c4ee6b793fb2bd79d9ef010e8167d9f6a92cad44ae99a006c6
                                                                                                                                                                                • Instruction Fuzzy Hash: FEF06DB6A01206CFCF16EF74E4584ACB771FF98325B008426D405A7718CA36AC56CBD2
                                                                                                                                                                                Function 07D91F98 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e1cfa35489f4b317f4402f6e1273689b6154e98b3bcd873626ee651bb1595a2d
                                                                                                                                                                                • Instruction ID: c3ab2403d17ede8913327c60ced2d4f4b9b0a90c6849e48a76fa07df47223fb7
                                                                                                                                                                                • Opcode Fuzzy Hash: e1cfa35489f4b317f4402f6e1273689b6154e98b3bcd873626ee651bb1595a2d
                                                                                                                                                                                • Instruction Fuzzy Hash: CFF05E753001059F8210D75AD889C8AF7E6EBCC654314C62DF60DABB15DB70EC0AD7D1
                                                                                                                                                                                Function 07D9C418 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 90c54b8679a64ea61dffbb5ab85cae5e337df01b03d9a72402bd4abd35a6af20
                                                                                                                                                                                • Instruction ID: bd674b535dc2b2e4f8f25f7ba2b2552a32b3a6c9e18eac94257454bf851c4acf
                                                                                                                                                                                • Opcode Fuzzy Hash: 90c54b8679a64ea61dffbb5ab85cae5e337df01b03d9a72402bd4abd35a6af20
                                                                                                                                                                                • Instruction Fuzzy Hash: 9FF05E70710314DFDF28AB76E4885ADB7A6AF44655B00487DD40A87644EAB5E844CB90
                                                                                                                                                                                Function 0775EFA9 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5b3309df44d4e82c4aeaf53d1f428aba145f094544aa99ac5fe9abc0bce70aed
                                                                                                                                                                                • Instruction ID: 6df600942b7f4ee74a14eb1d28674bc3f6143b45584b51231514c4bb5f80149b
                                                                                                                                                                                • Opcode Fuzzy Hash: 5b3309df44d4e82c4aeaf53d1f428aba145f094544aa99ac5fe9abc0bce70aed
                                                                                                                                                                                • Instruction Fuzzy Hash: 78E06D323091905FC71A6A7928994EE7BEA9ACA36031A016EF305CB292CD244846D372
                                                                                                                                                                                Function 07DD7B10 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7bb5886a6619851783840791b39698dd3eb9b525eada5d8ae3ac5db9793a2293
                                                                                                                                                                                • Instruction ID: 63d756d55cdf3781367fb79bb5383e801e43ff38ac0859072d567a1367385e64
                                                                                                                                                                                • Opcode Fuzzy Hash: 7bb5886a6619851783840791b39698dd3eb9b525eada5d8ae3ac5db9793a2293
                                                                                                                                                                                • Instruction Fuzzy Hash: 28F034341007029FC3218F69C844852FBF8FF096287108A9AE8968BB62DB70FC18CB90
                                                                                                                                                                                Function 07DD4970 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c8caeef4f37727eec17547bfc17a62e8f133f6e53f1887739294fb2efc5d749e
                                                                                                                                                                                • Instruction ID: 1f708c26ee78d2f05ca186b636450d319204d95f85b0137494cf65a868ff9a7e
                                                                                                                                                                                • Opcode Fuzzy Hash: c8caeef4f37727eec17547bfc17a62e8f133f6e53f1887739294fb2efc5d749e
                                                                                                                                                                                • Instruction Fuzzy Hash: B1E046737102A5470A5466AFB5049EEFB9EEAC0876318507BE60CC3A00DE61CC1342E4
                                                                                                                                                                                Function 07E1487F Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fafcec8fe3a24e997a94f20ad103e9c912f4c9272eb0357c803cdb46f8f3cf03
                                                                                                                                                                                • Instruction ID: 36916fc7ca552050f4a5f75695d7ff2c9045e957ef348ab0b660ad802416e1b6
                                                                                                                                                                                • Opcode Fuzzy Hash: fafcec8fe3a24e997a94f20ad103e9c912f4c9272eb0357c803cdb46f8f3cf03
                                                                                                                                                                                • Instruction Fuzzy Hash: D8F0E2352092C48FC752CB69D445BE0FBA4EB43329F9990E6E8484F6A3C371D88AC790
                                                                                                                                                                                Function 07D9B6A0 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1c134a6fd3715473fdd5d29252bdc231a9823fd6e59e50e4a81838bde54ee548
                                                                                                                                                                                • Instruction ID: 395ca097e1cda210beab55de91b18f75df01f26aa49b26c53ff7b65e4f7ac2f5
                                                                                                                                                                                • Opcode Fuzzy Hash: 1c134a6fd3715473fdd5d29252bdc231a9823fd6e59e50e4a81838bde54ee548
                                                                                                                                                                                • Instruction Fuzzy Hash: F0E02B713081009FE3458748AC44B47B7AADFC6725F28C46BE008CB346D6309C06C754
                                                                                                                                                                                Function 07DD7E18 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0003c56c70497744bbb997eab2932894e9eccdeccf7df6fab23db652e9246a80
                                                                                                                                                                                • Instruction ID: f8c1381a739e741ef70e22aa945f2a7cc2ecbe62a09420bc06c589d07c40943c
                                                                                                                                                                                • Opcode Fuzzy Hash: 0003c56c70497744bbb997eab2932894e9eccdeccf7df6fab23db652e9246a80
                                                                                                                                                                                • Instruction Fuzzy Hash: 08E09272705354AFC702276F9C5548AFFAADFC9274314407AE649D7312DE348C22A761
                                                                                                                                                                                Function 07DDA090 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f3f18a7276815544eed14cbcd980b31bea9043625054759f8362f800f72e9e94
                                                                                                                                                                                • Instruction ID: 724fe992933974bd7f85ee0344f96878179b8f199cc5b571c23f50f11dcab65e
                                                                                                                                                                                • Opcode Fuzzy Hash: f3f18a7276815544eed14cbcd980b31bea9043625054759f8362f800f72e9e94
                                                                                                                                                                                • Instruction Fuzzy Hash: 5DF055B1E0125397CF22BAB858040F9FBB9DF84250F04C5A7D981AB304EA319E8487F3
                                                                                                                                                                                Function 07D9CC58 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3ba1a398ecc80f28fac5e016f5ac61c7bf33fc11385cf3149c2a0ea51e81fb64
                                                                                                                                                                                • Instruction ID: cccaff259ae53ca311b46617dcb8134e2426a36dd6b8c910b8fa7570a8856f97
                                                                                                                                                                                • Opcode Fuzzy Hash: 3ba1a398ecc80f28fac5e016f5ac61c7bf33fc11385cf3149c2a0ea51e81fb64
                                                                                                                                                                                • Instruction Fuzzy Hash: 2AE0ED32300514BFC7145AAAE8948AAFFEFEBC8360718403AF209C7320CA32CC01D7A0
                                                                                                                                                                                Function 07DDEEC7 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 159921201643ad948ee948913e66d1ae29546f1d7fed7767468bf8d2dcd24019
                                                                                                                                                                                • Instruction ID: 5ee253247c6fe9d4b0e698a7e51b3878731ecdb0da2f3c280c80116ccd42a742
                                                                                                                                                                                • Opcode Fuzzy Hash: 159921201643ad948ee948913e66d1ae29546f1d7fed7767468bf8d2dcd24019
                                                                                                                                                                                • Instruction Fuzzy Hash: 9FF0A772104B418FC731DB64D4446D5FBB2AF81314F4445B6D4888A5B1EB309C49C711
                                                                                                                                                                                Function 07E14840 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6eaa542dcbc2d8db2c1b332541c0eb105f519e91cd1c7fd1227d6cda6420d2da
                                                                                                                                                                                • Instruction ID: d1da21dcb04df430225ffba6b307a60e92b2507353349941f8f959999b8cc031
                                                                                                                                                                                • Opcode Fuzzy Hash: 6eaa542dcbc2d8db2c1b332541c0eb105f519e91cd1c7fd1227d6cda6420d2da
                                                                                                                                                                                • Instruction Fuzzy Hash: 15F0A77990528ADFCB019B91D8068C8BF74EF46319B0581E6E5655FB61C2309915CBC2
                                                                                                                                                                                Function 07DF0373 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 82eb7034af1cba8e7524ff5bc49ddd2a2e400d2fc204f7a491837742bf97cdbe
                                                                                                                                                                                • Instruction ID: a7cc32af32f16d9fa5f5f2300f2b54bb5175d535543e14d084c228c910de3576
                                                                                                                                                                                • Opcode Fuzzy Hash: 82eb7034af1cba8e7524ff5bc49ddd2a2e400d2fc204f7a491837742bf97cdbe
                                                                                                                                                                                • Instruction Fuzzy Hash: 06E0DF77314610AFC746A76DD8149E97BFE9FCA62131600ABF10ADB662CF708C068751
                                                                                                                                                                                Function 07D9232E Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c085ad919efc75d416ade043014956a77b7d8e33c0b71e402a30a6d9be646553
                                                                                                                                                                                • Instruction ID: 700691b524a3c8ccbb13b982eeaf170f834590f65936ed380638e9799f3aa918
                                                                                                                                                                                • Opcode Fuzzy Hash: c085ad919efc75d416ade043014956a77b7d8e33c0b71e402a30a6d9be646553
                                                                                                                                                                                • Instruction Fuzzy Hash: 00E06F302483506FC302076CCC00AA6BBF8EF4B390F1000FAE285CBAA2CA606C1287C6
                                                                                                                                                                                Function 07759FA0 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8fc2271ea8a67523e8137effbc6542fba287d19a9f5e357b45fb3b990da07355
                                                                                                                                                                                • Instruction ID: 6f21a55fc1c0c3ef9ffa69d5aefafb655980d1002fef9119305684869e2b9d66
                                                                                                                                                                                • Opcode Fuzzy Hash: 8fc2271ea8a67523e8137effbc6542fba287d19a9f5e357b45fb3b990da07355
                                                                                                                                                                                • Instruction Fuzzy Hash: 30E02BB17193638BC326637C602429A7FC49F021D4F1548BEC9419F785ED71DC0283D2
                                                                                                                                                                                Function 07DD8298 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7473196801b02bd40f973bab5abd9b0bdbbaeb2f6bb3b0765960e5094988045f
                                                                                                                                                                                • Instruction ID: a831aa7b5c3f66163a3e7367aa259e7fb641b77445aba17f79a09bcdc8dcaefa
                                                                                                                                                                                • Opcode Fuzzy Hash: 7473196801b02bd40f973bab5abd9b0bdbbaeb2f6bb3b0765960e5094988045f
                                                                                                                                                                                • Instruction Fuzzy Hash: 73E01A323001149B4604AA5ED888C4AFBEEEFDD621325406AB109C7331CAB1DC0187A0
                                                                                                                                                                                Function 07DD0A91 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ed6d8b52adee9a9f32cf32f3112ddead1a14c9274704b25a8155f8a32f518241
                                                                                                                                                                                • Instruction ID: 35b86b8dd2c1ae2d94a016ea811c4e437ad2ac3e18a80b91d7948307b60fdd2d
                                                                                                                                                                                • Opcode Fuzzy Hash: ed6d8b52adee9a9f32cf32f3112ddead1a14c9274704b25a8155f8a32f518241
                                                                                                                                                                                • Instruction Fuzzy Hash: 96F0923A209791CFDB0B5F6CED654A87F22EF8721530940ABE486CB662CF258911C751
                                                                                                                                                                                Function 07DD9D5E Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d0ea2819cbd4a3f7f3ca4a67bc6435ac4b469848ec89470ab758f09323b2f9e6
                                                                                                                                                                                • Instruction ID: efc248bba6fab1043cb0869bc6ea69264d4d2af2f89b6b43ddc4a1142526026a
                                                                                                                                                                                • Opcode Fuzzy Hash: d0ea2819cbd4a3f7f3ca4a67bc6435ac4b469848ec89470ab758f09323b2f9e6
                                                                                                                                                                                • Instruction Fuzzy Hash: 68F0927AA00108DFCB00CFA9E458ADCBBB1FB88325F149025E915A3250C731A854CF14
                                                                                                                                                                                Function 07E14028 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 559c3c5e4a1edc4d28a6d8450f5b61e9d5221d41095ff1196aa8d8df4a1bdaca
                                                                                                                                                                                • Instruction ID: 7488f30352b99c34a66c94b86919ab6165a738d0d90404a056d243a4dfa7bd71
                                                                                                                                                                                • Opcode Fuzzy Hash: 559c3c5e4a1edc4d28a6d8450f5b61e9d5221d41095ff1196aa8d8df4a1bdaca
                                                                                                                                                                                • Instruction Fuzzy Hash: 49E02231208680CFC702AB2DDC15499BBE6AEC6234305C2B7E46DCB3A1DB244C46C7A1
                                                                                                                                                                                Function 00E00606 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2215253993.0000000000E00000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_e00000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 631b1ab3fe2faf1bf1b6df8e1a7dcbcb610a0f61f84be246f5ecd54a8a445caa
                                                                                                                                                                                • Instruction ID: 72b9c3b90d80f96828b75923d9cbb945391e2b86d3ac4404669a0882426abc0a
                                                                                                                                                                                • Opcode Fuzzy Hash: 631b1ab3fe2faf1bf1b6df8e1a7dcbcb610a0f61f84be246f5ecd54a8a445caa
                                                                                                                                                                                • Instruction Fuzzy Hash: FEE092B6A006004B9650CF0AED41462F7E8EB84630718C47FDC0D8B711E239B509CAA5
                                                                                                                                                                                Function 07DF9F58 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 32fd85de7d51e490f91535e6b9417e9e0a4f3578a6d8fa8e65de1924ba26ecd0
                                                                                                                                                                                • Instruction ID: c6d1d007f2738004bc96ef5a195d8db72af6a2c5a88f24f427aad90825150608
                                                                                                                                                                                • Opcode Fuzzy Hash: 32fd85de7d51e490f91535e6b9417e9e0a4f3578a6d8fa8e65de1924ba26ecd0
                                                                                                                                                                                • Instruction Fuzzy Hash: 20F030322001199FCB04CF59D804EAA3BEAFF88311F05406AFA05C7220CB71DC15DB61
                                                                                                                                                                                Function 07DFAD40 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 45c964289a034bc586695bba260db17176a711b5582275594cda4f97397d62a6
                                                                                                                                                                                • Instruction ID: 071fc74bf2bddbc989ea8226a9b2251c50e0ee2abc02110567fc521c4d897d22
                                                                                                                                                                                • Opcode Fuzzy Hash: 45c964289a034bc586695bba260db17176a711b5582275594cda4f97397d62a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 51E065363001109BC7259A59E804829FBAAFBCC261304403DEA0AC3310CA369C139790
                                                                                                                                                                                Function 07D9531F Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c9628830d49e1ca47bb97a20c033800672cec72e46b8d93b6780b02fec89dd2d
                                                                                                                                                                                • Instruction ID: b31847ca11733f7b5c9a20a8586fb326bb81c74510f3d8669678835aca2a7147
                                                                                                                                                                                • Opcode Fuzzy Hash: c9628830d49e1ca47bb97a20c033800672cec72e46b8d93b6780b02fec89dd2d
                                                                                                                                                                                • Instruction Fuzzy Hash: 85F0F43AA01109DFCF01CF94D6898CCBBB2FF4C224B2581A5E9086B625C732EE19CB50
                                                                                                                                                                                Function 07D91C40 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9f273427898b3f6c7a0e9b2be20c1b38c143acee0473dcd62894ed6b67c21e17
                                                                                                                                                                                • Instruction ID: 6b7b6bf5fdfba7938c9993ff224e4eb54beea063b77b0be05a15532e72436b04
                                                                                                                                                                                • Opcode Fuzzy Hash: 9f273427898b3f6c7a0e9b2be20c1b38c143acee0473dcd62894ed6b67c21e17
                                                                                                                                                                                • Instruction Fuzzy Hash: ADE02B721083538FCB314B7845502C0FBB0CF436B432947B6C891EB28AEB62CC059790
                                                                                                                                                                                Function 0775EF60 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1b6a6e4526c74526e3ca150317641e472c29a728974fca6516d097705608894e
                                                                                                                                                                                • Instruction ID: c504bde62921a6813fef533d47750011bb1ec7ec2fefec8337e5b52e110bfc9a
                                                                                                                                                                                • Opcode Fuzzy Hash: 1b6a6e4526c74526e3ca150317641e472c29a728974fca6516d097705608894e
                                                                                                                                                                                • Instruction Fuzzy Hash: 94E092713006109BC7186765B45846EB7A6EBC9229314902DE20A87700CF659802C795
                                                                                                                                                                                Function 07DDEF10 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 84280999b17959b85fd3241fa3d1131f0fdd2f13fde512e7d8dc172f3e300d8f
                                                                                                                                                                                • Instruction ID: c0518e476b6c35bd8150c70985bc48e9354797e39e579339ab44d25efd6b25e8
                                                                                                                                                                                • Opcode Fuzzy Hash: 84280999b17959b85fd3241fa3d1131f0fdd2f13fde512e7d8dc172f3e300d8f
                                                                                                                                                                                • Instruction Fuzzy Hash: FCE0D872100B419FC7309B79D404B96FBF9DF81328F5806FAE4498B6A1EB609C8CC7A1
                                                                                                                                                                                Function 07DF1BF8 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 956b98a664aabfa9874e006a6d72da8033208aa37ec475c2cdcfcc98f8a57525
                                                                                                                                                                                • Instruction ID: 689a472580714037594fc4cf04e89946250f9e05f0f16bbc6f3835ad9abbe528
                                                                                                                                                                                • Opcode Fuzzy Hash: 956b98a664aabfa9874e006a6d72da8033208aa37ec475c2cdcfcc98f8a57525
                                                                                                                                                                                • Instruction Fuzzy Hash: D6E048323005547B8B066EDAAC04C5F7F6AEBCC6717004029F709C7350CA728C21A7A5
                                                                                                                                                                                Function 07052507 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2218704854.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7050000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 72b32012090acae5864294d86bdbba5b7c8967e9bed1fbc8720f3f498599cb3a
                                                                                                                                                                                • Instruction ID: 3afe436b8a7a24c35afc455c3719700603d6c13d26b15380d2ffaf9feaa21840
                                                                                                                                                                                • Opcode Fuzzy Hash: 72b32012090acae5864294d86bdbba5b7c8967e9bed1fbc8720f3f498599cb3a
                                                                                                                                                                                • Instruction Fuzzy Hash: 75E0D8B29402006BD210DE069D45F53FBD8DB40A30F08C45BED091F741E176B614C9F1
                                                                                                                                                                                Function 07052C5B Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2218704854.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7050000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 73e711ff921e8627150e0bd6a787e736ff1adfecc851dc7a05caebfacdb635ff
                                                                                                                                                                                • Instruction ID: 53271289dc6d1b4959881ebd44ebe9757722c6e8dc8ece0264a51eb3858890c6
                                                                                                                                                                                • Opcode Fuzzy Hash: 73e711ff921e8627150e0bd6a787e736ff1adfecc851dc7a05caebfacdb635ff
                                                                                                                                                                                • Instruction Fuzzy Hash: A0E0D8B29402046BD3108E069D45F53FBDCDB44A31F08C46BED081F741E175B51489F1
                                                                                                                                                                                Function 07DDA3E0 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e795f397a05c138a9ca7cf903eb3c28dcdc0fbf8d5e819beb705cbe8bd66a314
                                                                                                                                                                                • Instruction ID: 59f4b3ee507318bae9ac72c338b4cfffb04ff935cd847007e5e0ad1dd8b69f8c
                                                                                                                                                                                • Opcode Fuzzy Hash: e795f397a05c138a9ca7cf903eb3c28dcdc0fbf8d5e819beb705cbe8bd66a314
                                                                                                                                                                                • Instruction Fuzzy Hash: E3E0D832608110BBC7048A99D800849FBAEEFCD3317058067F909C7251DA729C228B90
                                                                                                                                                                                Function 07E12C70 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0072bf2cd4d9a3a8ed67c553491d45422a6059b5c4762babce8e8a46d6219333
                                                                                                                                                                                • Instruction ID: 3290372b3809c8d00567bb471c95cbde2c391eb3228b5100bae3e3bd4185257a
                                                                                                                                                                                • Opcode Fuzzy Hash: 0072bf2cd4d9a3a8ed67c553491d45422a6059b5c4762babce8e8a46d6219333
                                                                                                                                                                                • Instruction Fuzzy Hash: 1DE020B17052504FD3154329EC059957BDDFBC5220F0540F6D74AC3651DA545C46C7D1
                                                                                                                                                                                Function 07DF0B68 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b4ea3e6c1dca81e90ee2df17fcc52a011fbe461ccc76685f2f59b0e365a1ba58
                                                                                                                                                                                • Instruction ID: 4430e0bb53360f26e76d92dd74536e064e6d95428998d2c5583fef05c299965e
                                                                                                                                                                                • Opcode Fuzzy Hash: b4ea3e6c1dca81e90ee2df17fcc52a011fbe461ccc76685f2f59b0e365a1ba58
                                                                                                                                                                                • Instruction Fuzzy Hash: B7E02030004325CFC7208B54F4417C1BBF4DF02919B1101ABD544CB516F761AD1DC7D2
                                                                                                                                                                                Function 07D9645F Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0e8a0a92bdd6c99036f74d588ba46a69dfe723f823ffdb0185ead32ad5002431
                                                                                                                                                                                • Instruction ID: fd66d35a737d9f605222af60bd1e73efaaea775c8896035b24b23e8ee3824e86
                                                                                                                                                                                • Opcode Fuzzy Hash: 0e8a0a92bdd6c99036f74d588ba46a69dfe723f823ffdb0185ead32ad5002431
                                                                                                                                                                                • Instruction Fuzzy Hash: 72E04F32344260CFC7429B68E4196997BB5FF4A720F1540AAF645CB392CB758C1687C5
                                                                                                                                                                                Function 07DD7F78 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6a3366248f8ba01c0c95e57312d663f7351643d25c6b18d38468db350fe353b0
                                                                                                                                                                                • Instruction ID: 9ec9c4963f42416ba8e4f5ec6e82560a64d2e6c8d5c02b7809a2c15fa68908bc
                                                                                                                                                                                • Opcode Fuzzy Hash: 6a3366248f8ba01c0c95e57312d663f7351643d25c6b18d38468db350fe353b0
                                                                                                                                                                                • Instruction Fuzzy Hash: 4FD0C2323042105B4214729FBC49C9EBAA9EBC92643504539F60C973048E628C06D2A5
                                                                                                                                                                                Function 07DD4952 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: bda4090a5d3e1e5df29154958e8930b11ab379fceb37d470c22985bd7d0c6e8d
                                                                                                                                                                                • Instruction ID: 215e01d1f68ec1f6b615fc9f0f6c3926534b6d781b5172d0b905bba1d2743759
                                                                                                                                                                                • Opcode Fuzzy Hash: bda4090a5d3e1e5df29154958e8930b11ab379fceb37d470c22985bd7d0c6e8d
                                                                                                                                                                                • Instruction Fuzzy Hash: 40E065717002068FCB15EFA4E885AECF7B1FB88218B1400ACE90AAB740DB319E458B80
                                                                                                                                                                                Function 07DD64B0 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7dff3718133f34467c02bdb34e0e011c047aa956fce55b71b83594ba6d7d3f74
                                                                                                                                                                                • Instruction ID: 110ee31f992858e3e21135d57d9cc816b83b86702a2df93b68241cde15bde8ed
                                                                                                                                                                                • Opcode Fuzzy Hash: 7dff3718133f34467c02bdb34e0e011c047aa956fce55b71b83594ba6d7d3f74
                                                                                                                                                                                • Instruction Fuzzy Hash: 49E08C36300114A78F062A5AA80889EFBDFEFD8271700C026FD09C7360DF79CD068690
                                                                                                                                                                                Function 07DF9870 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 72825d2012a39330c655d8548def24c60c4d8922cf040625f56dca6be0c8ae5b
                                                                                                                                                                                • Instruction ID: 98d43cc7e48cf3978c2680647bbc40ceb6b6a0242219fd48e8389e1edb99dc49
                                                                                                                                                                                • Opcode Fuzzy Hash: 72825d2012a39330c655d8548def24c60c4d8922cf040625f56dca6be0c8ae5b
                                                                                                                                                                                • Instruction Fuzzy Hash: CAD02EB27000A42B830421AF6C658ABFACECACD170304403AF30DC3305CC20CC02A3F5
                                                                                                                                                                                Function 07D9C9E8 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c6dcf324b65698ffbaea2bd338f96c6d8fb34b92345fd9fea806d265ab47fa55
                                                                                                                                                                                • Instruction ID: 8a039bf11f1c200ad6438b29eab9fcbbd59d1ee3f5169b37dafba28165246173
                                                                                                                                                                                • Opcode Fuzzy Hash: c6dcf324b65698ffbaea2bd338f96c6d8fb34b92345fd9fea806d265ab47fa55
                                                                                                                                                                                • Instruction Fuzzy Hash: 1BE01276700518ABC714669AAC8889ABBDBDBCC7713154039FB0DC3301DE218C5197A5
                                                                                                                                                                                Function 077547CA Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 00978c4a5b34bed080053547d11f3af0789f83a913b3e98991adfec295498db1
                                                                                                                                                                                • Instruction ID: 4c8d75c76ce999bc63afac632203bbd39d44479fbb422ffa9a292067a651202e
                                                                                                                                                                                • Opcode Fuzzy Hash: 00978c4a5b34bed080053547d11f3af0789f83a913b3e98991adfec295498db1
                                                                                                                                                                                • Instruction Fuzzy Hash: 33D05B313055503B4618969DA89846EEBD7EBCD665324427EF30DC3340CD558C1297D5
                                                                                                                                                                                Function 07753E49 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 357aad18ec8a0e9e0136f77594d0baeba7620be264f0a43937fcd06477448ccb
                                                                                                                                                                                • Instruction ID: 3fcae625675e9cae997662e84b9665fc8d81ea70674a0dcb9ebca3b772ba6cce
                                                                                                                                                                                • Opcode Fuzzy Hash: 357aad18ec8a0e9e0136f77594d0baeba7620be264f0a43937fcd06477448ccb
                                                                                                                                                                                • Instruction Fuzzy Hash: 66E08C352042208FC3059B54E454BE23BB9EB4A320F0901ABE98A8B796CAA56C56CB91
                                                                                                                                                                                Function 07DF121B Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 19c5d7070a3cd5dafcdccce16b618969ad132046cfbcd1ef4661d848246c250a
                                                                                                                                                                                • Instruction ID: 947a4bc01731b8692a752eeb005fda068224db34e750dc08f854bdedf12cf81f
                                                                                                                                                                                • Opcode Fuzzy Hash: 19c5d7070a3cd5dafcdccce16b618969ad132046cfbcd1ef4661d848246c250a
                                                                                                                                                                                • Instruction Fuzzy Hash: 48E04FB5B00104CFDB10EBA4E8456ACF3F2EB89224F104159DA06AB340DB72DE008B91
                                                                                                                                                                                Function 0775AF18 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 399f7a9d3c469df5f1c373f8d9c71686fa04009d5abc6526228f21a5cad089d5
                                                                                                                                                                                • Instruction ID: 534064b39e9c63d3143787b0fdba3ce6f588ade788066e45214ae2ee07bdfebc
                                                                                                                                                                                • Opcode Fuzzy Hash: 399f7a9d3c469df5f1c373f8d9c71686fa04009d5abc6526228f21a5cad089d5
                                                                                                                                                                                • Instruction Fuzzy Hash: C8E026F890C2438AC3119719A910B217FE99B8528CF19C6EB98444B1DEE2A9C411C762
                                                                                                                                                                                Function 077547D0 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f82a0c6b27a89d05ab9cc0ea5eeb56f2c673fcca5805a5e76c78bdd3dea14dd4
                                                                                                                                                                                • Instruction ID: bf2695018ce5f6f8d01f9006efd62a8ec4dccf7b2ec2939edcb0f4f994c391b1
                                                                                                                                                                                • Opcode Fuzzy Hash: f82a0c6b27a89d05ab9cc0ea5eeb56f2c673fcca5805a5e76c78bdd3dea14dd4
                                                                                                                                                                                • Instruction Fuzzy Hash: 03D05222305120270608219EA88886FAADEEACDAA1318423AE70DC3300CD558C0293E6
                                                                                                                                                                                Function 0775EEF0 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5e5c7516ace14d46ac2fe5c4711545d9e5f429cc0cda14461b13623320d0cde9
                                                                                                                                                                                • Instruction ID: e09909e71d9db64df46a368e69a4225e6177e79b189c245198808a7054986e3e
                                                                                                                                                                                • Opcode Fuzzy Hash: 5e5c7516ace14d46ac2fe5c4711545d9e5f429cc0cda14461b13623320d0cde9
                                                                                                                                                                                • Instruction Fuzzy Hash: 42E086B07082418FE759CB24CC64E1533A2EF86749B604D8DE4008F7D6DBA5E8058B55
                                                                                                                                                                                Function 07DD7B20 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1c3b34910c37009244a5081c78fc170848c72b497b818f23731a5531c5edee9b
                                                                                                                                                                                • Instruction ID: cdccc5b692ce484f6f728da85dafd793fd82864b5061267b3291b0811952fcf1
                                                                                                                                                                                • Opcode Fuzzy Hash: 1c3b34910c37009244a5081c78fc170848c72b497b818f23731a5531c5edee9b
                                                                                                                                                                                • Instruction Fuzzy Hash: B9E0C235200B059FC630CE55C440992F7F9FB48628B008A59E89A47A20C771F8488B90
                                                                                                                                                                                Function 07DD0AA0 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9ad044c80a6c05ecdea8c1f84452daa8c1f34259ec4aa77727d850a6282fe200
                                                                                                                                                                                • Instruction ID: 0b15b17e58f41a0a3fa2ab2a21c7bb20d052e038aac92b46efe95a7f85122c74
                                                                                                                                                                                • Opcode Fuzzy Hash: 9ad044c80a6c05ecdea8c1f84452daa8c1f34259ec4aa77727d850a6282fe200
                                                                                                                                                                                • Instruction Fuzzy Hash: 7AE0C239301210CFDB0D6B5CE86986C7B6BEF89215304406AF407C7711CF71D811CB84
                                                                                                                                                                                Function 07D98AAC Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 21cc1c1af27d1461e4cdc3b67e00dcec58734314feb768261583cb481c5b1dba
                                                                                                                                                                                • Instruction ID: af9258187009fbd2d5eb65f142729d61d56b9ae1a192b7cc34f232f8e6e1b587
                                                                                                                                                                                • Opcode Fuzzy Hash: 21cc1c1af27d1461e4cdc3b67e00dcec58734314feb768261583cb481c5b1dba
                                                                                                                                                                                • Instruction Fuzzy Hash: 32E07536B00114CFCB04DB74D4988ACB7F2FF882257510569E40697760DB35AC46CF41
                                                                                                                                                                                Function 07DDA3F0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a9c0ee22999b9479c6f85f298ddfbe4d9aade5c8cc55eb91987042c6e712fdee
                                                                                                                                                                                • Instruction ID: 5c0ab345378d0e734d81332b8e97cf31953912c06950b13d68949d11c977ec4f
                                                                                                                                                                                • Opcode Fuzzy Hash: a9c0ee22999b9479c6f85f298ddfbe4d9aade5c8cc55eb91987042c6e712fdee
                                                                                                                                                                                • Instruction Fuzzy Hash: 34D01236300024AB87049A8ED800C9ABB9EDFCD220314C02AF509C7311CA729D128790
                                                                                                                                                                                Function 07DD7BB9 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2cfeb5f41802cb29a829299220869ddc892f8e6bf560a9463d4c5a404a5c601d
                                                                                                                                                                                • Instruction ID: ee10d5b80573365d37fd2df6e1f28ad610e4110c01723b5f6426b4302a8239c1
                                                                                                                                                                                • Opcode Fuzzy Hash: 2cfeb5f41802cb29a829299220869ddc892f8e6bf560a9463d4c5a404a5c601d
                                                                                                                                                                                • Instruction Fuzzy Hash: A9E01A3100828AEFCB025F95CC008EA7F79EF09251B044052FD9485022D73AC974EB60
                                                                                                                                                                                Function 07DDEF20 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ee54434ccb47e00b28185d7647472db796572c687ea9522f8e5bda17939f1249
                                                                                                                                                                                • Instruction ID: fda78ef1244ec95605d6d8de0fea42c7ba895c18987679e786eff4e4f9a54bcf
                                                                                                                                                                                • Opcode Fuzzy Hash: ee54434ccb47e00b28185d7647472db796572c687ea9522f8e5bda17939f1249
                                                                                                                                                                                • Instruction Fuzzy Hash: 3CE08672100B014BC3308A69D004B91F7ED9F81225F4806B9E1098B661D7A1AC48C751
                                                                                                                                                                                Function 07DD18F0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ca62880213909833029b892158078fb95a4af27d5f97ab047ea5e1b2ecabec62
                                                                                                                                                                                • Instruction ID: f672f81e8f5cb67aea7263af0d3fb3a8c5e63761d52139dfc157de0b35693bc6
                                                                                                                                                                                • Opcode Fuzzy Hash: ca62880213909833029b892158078fb95a4af27d5f97ab047ea5e1b2ecabec62
                                                                                                                                                                                • Instruction Fuzzy Hash: 79E01235108299AFC7025B55E894985BFB9EF4A31530940DBE989CB122DB31DD29CB91
                                                                                                                                                                                Function 07DF1AD0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: cc0ec76bd52ce56fda45af376fab04e32dd982bd5c59d0bf617847085784bb99
                                                                                                                                                                                • Instruction ID: ed4146b8da0e120a06a68d7aa058193a9f085c1d1178a05ce23565ea6e49e64e
                                                                                                                                                                                • Opcode Fuzzy Hash: cc0ec76bd52ce56fda45af376fab04e32dd982bd5c59d0bf617847085784bb99
                                                                                                                                                                                • Instruction Fuzzy Hash: C3D02E3100E2D5CBC723076AA4400C0FFF8DE0B22131A00EBE885C7423EA911C0987E2
                                                                                                                                                                                Function 07D91FF9 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a4cc0ab514b0b61e79c44405d56377a158aa554696b3d8908e9868114dc1e9eb
                                                                                                                                                                                • Instruction ID: 8ef778250425e15a8787005a3c5f28ce5a927770eb4c0cc107bd0b8ed01e87c6
                                                                                                                                                                                • Opcode Fuzzy Hash: a4cc0ab514b0b61e79c44405d56377a158aa554696b3d8908e9868114dc1e9eb
                                                                                                                                                                                • Instruction Fuzzy Hash: B5D05E351093949FC3461779A81C0E9BFB99E4BA6030584ABD689C3943CB2A6C11A7D2
                                                                                                                                                                                Function 077562ED Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 97786a4cf6f22081e0addae73c616ea1f72cddc416766955096507ddc9c7dc1a
                                                                                                                                                                                • Instruction ID: 839a1029819d7f095db62d5568b92273c40c55fdc766e1061fd4a09ae09009a9
                                                                                                                                                                                • Opcode Fuzzy Hash: 97786a4cf6f22081e0addae73c616ea1f72cddc416766955096507ddc9c7dc1a
                                                                                                                                                                                • Instruction Fuzzy Hash: 21E0C272F20010CFC620A74994051A8B3E0F784AA2FB1987FCC06DBA40DA718C4A8792
                                                                                                                                                                                Function 07E14850 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 609c125a8caf9dcfd70ba83e9f10428649f4dffd66e6690e5ff27a8f52849b55
                                                                                                                                                                                • Instruction ID: a499ff486435c9d169981aa59be4c8f55d65bcaef6db86ac9f73471cda07c858
                                                                                                                                                                                • Opcode Fuzzy Hash: 609c125a8caf9dcfd70ba83e9f10428649f4dffd66e6690e5ff27a8f52849b55
                                                                                                                                                                                • Instruction Fuzzy Hash: C6E04F3590010AEF8B00DB95D448888BB79EF49214700C195E5095B221D731AA15CB81
                                                                                                                                                                                Function 07DF51A9 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3c8efb03a562ed1cf9fd535fd24df50858f4034583f04dba85f3e815d7b3d1f8
                                                                                                                                                                                • Instruction ID: 08630982c655375a5f4765173b35d6f51b98e9f9d03533e71f4dfa68f81770a2
                                                                                                                                                                                • Opcode Fuzzy Hash: 3c8efb03a562ed1cf9fd535fd24df50858f4034583f04dba85f3e815d7b3d1f8
                                                                                                                                                                                • Instruction Fuzzy Hash: 5EE0C276006B90CFC7221F14E6002C5BB70EF0A611B16419BD4C28B711D7209852CBE2
                                                                                                                                                                                Function 07DD7F28 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e29692ff9da800c1fa327795b9d66b2a9590fcace6c33aa883815e15de5904ec
                                                                                                                                                                                • Instruction ID: 009aa39e79b0faab55b6d7e9206fa689508de65682583c8095b16bd137e4febf
                                                                                                                                                                                • Opcode Fuzzy Hash: e29692ff9da800c1fa327795b9d66b2a9590fcace6c33aa883815e15de5904ec
                                                                                                                                                                                • Instruction Fuzzy Hash: FFE086758442008FD305EB69EA042447BE1FB46318F094EA1E05D87656CB74C954C748
                                                                                                                                                                                Function 07E12C80 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5025761b3191672a0a85fa1f29e9afac8b62a6e01c9324916ae74b51483d30ab
                                                                                                                                                                                • Instruction ID: e8164aa787554e933e99392065040e56db9d65c99f80d4bfab9b94262ab4e4ed
                                                                                                                                                                                • Opcode Fuzzy Hash: 5025761b3191672a0a85fa1f29e9afac8b62a6e01c9324916ae74b51483d30ab
                                                                                                                                                                                • Instruction Fuzzy Hash: FED05E713052505BC329572AE408EA6BBEEEBC5625F0980BAE60A83751CA64AC45CB91
                                                                                                                                                                                Function 07DFDD13 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220029140.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7df0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 95c0c304e325698592b75e54574cb3740716b09e06fda922207a4426581c06e0
                                                                                                                                                                                • Instruction ID: 8b59140d6d3c24fc12e08f69368ec6143f1dc665fcc4ffc5ef6970dce85cd8ef
                                                                                                                                                                                • Opcode Fuzzy Hash: 95c0c304e325698592b75e54574cb3740716b09e06fda922207a4426581c06e0
                                                                                                                                                                                • Instruction Fuzzy Hash: 2FD05B7011834CDFC701AF65C855795BBA5AF46301F2640E7E5448F151D625581987E5
                                                                                                                                                                                Function 07D9EB64 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f6a1704f314ca232ee9bab87df2ea51dc32cf60e7099ffdd4db97f9a95bb9733
                                                                                                                                                                                • Instruction ID: 77ad697727248a06fdc6fc33b8294cebb77a05fb0499f65f0ccac421d337bc89
                                                                                                                                                                                • Opcode Fuzzy Hash: f6a1704f314ca232ee9bab87df2ea51dc32cf60e7099ffdd4db97f9a95bb9733
                                                                                                                                                                                • Instruction Fuzzy Hash: 43E0E5B590420ADFCF20CF40C899BEEBF70FB08314F1045A9E446A2280CB745988CF90
                                                                                                                                                                                Function 07D97160 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d96260deec312d59997689651bf4b4946df9fd597ff0cda3a61ebfd4df749142
                                                                                                                                                                                • Instruction ID: 8159cf04ff785ecee2a6b4c899983b219fba8e5e59fc39f79401652d924ebb20
                                                                                                                                                                                • Opcode Fuzzy Hash: d96260deec312d59997689651bf4b4946df9fd597ff0cda3a61ebfd4df749142
                                                                                                                                                                                • Instruction Fuzzy Hash: 5BD05EB1108340DFD342AF208D51B967BF8EF45744F26849AE985CB083F37548698B22
                                                                                                                                                                                Function 07D96470 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0b80eb20ccb4abd053bfd35ecfa4cbb665d6075ba22ebfa9333992d30b08c7d3
                                                                                                                                                                                • Instruction ID: 7b22eaa8b4cd6d2332a248d1ef49cf258857ac02bd4a4be831897b9abaa62308
                                                                                                                                                                                • Opcode Fuzzy Hash: 0b80eb20ccb4abd053bfd35ecfa4cbb665d6075ba22ebfa9333992d30b08c7d3
                                                                                                                                                                                • Instruction Fuzzy Hash: 48D05E32300124DBCB049B68E019BAA77D9EB8D621F14407AF506C7340CE759C0087C4
                                                                                                                                                                                Function 0775AF28 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: da0a087d5f8125d4b30fbf36dcbca93df220195f54299eeaaf9786de21b7305d
                                                                                                                                                                                • Instruction ID: 9f3780647080fc42a8ca15cb72bb65104568d3875cb58f2d0a67561b2ddf12b2
                                                                                                                                                                                • Opcode Fuzzy Hash: da0a087d5f8125d4b30fbf36dcbca93df220195f54299eeaaf9786de21b7305d
                                                                                                                                                                                • Instruction Fuzzy Hash: 21D0A7F5610207C7D710EB1AEA10B6277A9AB80288F14C672AC444B1CCD6B9D981C6F2
                                                                                                                                                                                Function 07753E58 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 88f648e76c5e3c58d944e925d9deaea9fdeb8ccb8916440f6de6e8a7db3e470f
                                                                                                                                                                                • Instruction ID: 9184e10f421adb4b14839a051f7e2401efb865fdf7f3d0b7f1118818da044bef
                                                                                                                                                                                • Opcode Fuzzy Hash: 88f648e76c5e3c58d944e925d9deaea9fdeb8ccb8916440f6de6e8a7db3e470f
                                                                                                                                                                                • Instruction Fuzzy Hash: CAD0A7343001108FC3009B54E008BE277EAEB48314F04006BE90987B55CAF27C5087C0
                                                                                                                                                                                Function 07DD7F38 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8500b83dfbe31439bf96f755edfdd5eb25b690b4ce70325d8876a344156f5507
                                                                                                                                                                                • Instruction ID: 1e97e010f770631cc456095b080d88a164f599e57bc339426361f574127ddc69
                                                                                                                                                                                • Opcode Fuzzy Hash: 8500b83dfbe31439bf96f755edfdd5eb25b690b4ce70325d8876a344156f5507
                                                                                                                                                                                • Instruction Fuzzy Hash: 0BD09E705143148FE304FB5DE644A5577E6B789328F048D64F51D47B59DB70E880C684
                                                                                                                                                                                Function 07DD28A0 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 070513e0bd352fd7ee4af06cb7e710256a54c977edcc3dfe6ae789ab55dd39c2
                                                                                                                                                                                • Instruction ID: fafc98638cc906b0760e5a30256bac67d1843649f4cf9eadb7d6290e79f27d63
                                                                                                                                                                                • Opcode Fuzzy Hash: 070513e0bd352fd7ee4af06cb7e710256a54c977edcc3dfe6ae789ab55dd39c2
                                                                                                                                                                                • Instruction Fuzzy Hash: 1BD0A932609342EFCB025B60EC017CBBF32AF413E0F20C542E088A90A2C3324828CB63
                                                                                                                                                                                Function 07DD762A Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 376dbc0679dfa3d1d381307fb161f006c8ff6c3e9654c17726c9d2693b55d8ce
                                                                                                                                                                                • Instruction ID: ad40b71ea39c7fbfa48a445cff298f8638449a78900f1547c0c956cd5c6c5cf9
                                                                                                                                                                                • Opcode Fuzzy Hash: 376dbc0679dfa3d1d381307fb161f006c8ff6c3e9654c17726c9d2693b55d8ce
                                                                                                                                                                                • Instruction Fuzzy Hash: DAD0C935A00009CFCB00CB94E0846ECFBF0FB88329F240096D60963610D3329D558F91
                                                                                                                                                                                Function 07DD1900 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c3ab3d293e8e62ddbfc0fe7093c4ccaf55f6fa425ab959d01e5eddb91a304f2f
                                                                                                                                                                                • Instruction ID: 4de4dd31d0632810bb95fb48cdad21094f66013d6ea0e71cad9c7d5264411d0e
                                                                                                                                                                                • Opcode Fuzzy Hash: c3ab3d293e8e62ddbfc0fe7093c4ccaf55f6fa425ab959d01e5eddb91a304f2f
                                                                                                                                                                                • Instruction Fuzzy Hash: 50C0123610011CAF87009B85E904CC1BFEDEB0935130480AAF50987121CA61A814DB90
                                                                                                                                                                                Function 07E14820 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2220093395.0000000007E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E10000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7e10000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 104d28fe74b23b4afb67032cb999c9f0a52b93b178a9340b7524d316a6ee9db5
                                                                                                                                                                                • Instruction ID: 2d0d05a57143a62b8fe4800e53d81abb7eb7ba020900cde3bb10d6f1419e4522
                                                                                                                                                                                • Opcode Fuzzy Hash: 104d28fe74b23b4afb67032cb999c9f0a52b93b178a9340b7524d316a6ee9db5
                                                                                                                                                                                • Instruction Fuzzy Hash: 1FC04CBF41F2C1598D16055149132C51B60846325EB9568C7D4E1AEADBC048888AD2D2
                                                                                                                                                                                Function 07DD7521 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7e2a166804ad44b5447737cb746a577bdc650f09b22e5ec3bd9f0112371ad52e
                                                                                                                                                                                • Instruction ID: f429fc8c702226b990ab2cfaf00b14b52662bda2f2c4a554b3c3f8c150a75c96
                                                                                                                                                                                • Opcode Fuzzy Hash: 7e2a166804ad44b5447737cb746a577bdc650f09b22e5ec3bd9f0112371ad52e
                                                                                                                                                                                • Instruction Fuzzy Hash: 1DD0C93010A341CFCB0A5B2895584003B31FF4231936A00EAD0818A263C7368815CB51
                                                                                                                                                                                Function 07D92008 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3f2542eb3a480118de1ff664d81a4d149855987fbcf2d2cf6217e1f23dd2bf80
                                                                                                                                                                                • Instruction ID: 3317b7f8eeb2d9945bf0cf11dafe0faaacf08b3f115ca687785693857911bd4c
                                                                                                                                                                                • Opcode Fuzzy Hash: 3f2542eb3a480118de1ff664d81a4d149855987fbcf2d2cf6217e1f23dd2bf80
                                                                                                                                                                                • Instruction Fuzzy Hash: 46C02B313012284BC7002379780C0ED7BDCD78C9613008072E90DC3301CE358C0007C0
                                                                                                                                                                                Function 077597E7 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219398982.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7750000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 84ba3a56b89036b819ee856507de4e1982e9cae4ace75a74d3079d87566b40f5
                                                                                                                                                                                • Instruction ID: 34a8d55bbbe27a1df9e76f723848183fac7c4c26ab618a94b0d5b8d1c61696ce
                                                                                                                                                                                • Opcode Fuzzy Hash: 84ba3a56b89036b819ee856507de4e1982e9cae4ace75a74d3079d87566b40f5
                                                                                                                                                                                • Instruction Fuzzy Hash: B0C08C2180C3C389D3020738A8C83803F00CB72E60F244B9AC1E4980C2DA4400028622
                                                                                                                                                                                Function 07D90B0B Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219724401.0000000007D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D90000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7d90000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9f75ddfe1a1b54170dc320c2e3f108bf54e8d67f3353acf32640f7fa728f977f
                                                                                                                                                                                • Instruction ID: 4570a69830b8b74f0f9468b60aa5564822282ce997e04e007b24ac3d98cf6aa6
                                                                                                                                                                                • Opcode Fuzzy Hash: 9f75ddfe1a1b54170dc320c2e3f108bf54e8d67f3353acf32640f7fa728f977f
                                                                                                                                                                                • Instruction Fuzzy Hash: 9EC02BF1200532ABD2701E1C700918063C1DB440043210868A2ABCB300EF304CC0D7C0
                                                                                                                                                                                Function 07DD0DF1 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4f51ae1c51bfef5591b8278b7a6b4cb7a3b552308979a10adcb38817603e4523
                                                                                                                                                                                • Instruction ID: a60571b30e01d0dfaa751ef0601519755beadeaec8a838849d40ffa5724e9606
                                                                                                                                                                                • Opcode Fuzzy Hash: 4f51ae1c51bfef5591b8278b7a6b4cb7a3b552308979a10adcb38817603e4523
                                                                                                                                                                                • Instruction Fuzzy Hash: 9AC08C304492409FC70A0B3094484283B32BF92301360887AE481D5642CA288560CA02
                                                                                                                                                                                Function 07DD79F0 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
                                                                                                                                                                                • Instruction ID: 69d654b786e784b7fcec142bbff3c839db2e3bfe9d8b5fbb0d917936935b78d1
                                                                                                                                                                                • Opcode Fuzzy Hash: 462f806103f530d795e63e7cd30240698a3559f3884ee21002b46cc62c982ebf
                                                                                                                                                                                • Instruction Fuzzy Hash: 3AB01277E19008C9DB009AC4F4427EDFB30F791335F104067C35062000C332027887D1
                                                                                                                                                                                Function 07DD9870 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000005.00000002.2219951195.0000000007DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DD0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_5_2_7dd0000_WebCompanionInstaller.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8c24a28a802221622045e9f3b147a07407a074b1ef178930a39ee170ef4629af
                                                                                                                                                                                • Instruction ID: 8db3cbff5fee49cef80c044c45535608ced93cc0a77c5c7b9fccec6495efbd0a
                                                                                                                                                                                • Opcode Fuzzy Hash: 8c24a28a802221622045e9f3b147a07407a074b1ef178930a39ee170ef4629af
                                                                                                                                                                                • Instruction Fuzzy Hash: 1AB092302142088F8244AB5DE444C5077E8AB4C61434100E8F40DCBB22CA61FC008A45